Orkut Sharing

Saturday, July 18, 2009

Firefox 3.5.1 Fixes Critical Security Vulnerability

Firefox 3.5.1 has recently been released, and it fixes a critical security problem: a crash that was determined to result in an exploitable memory corruption problem, reported by Firefox user zbyte.


Problem Description


In certain cases, after a return from a native function such as escape(), the “Just In Time” (JIT) compiler could be left in a corrupt state, which any attacker could exploit to install malware.

 

Impact on user

An attacker can use the vulnerability by tricking a victim into viewing a malicious Web page containing the exploit code, which affects the user's machine without their knowledge.


Workaround

This vulnerability can be avoided by disabling the JIT in the JavaScript engine. The workaround applies only to Firefox 3.5 users; earlier versions of Firefox do not support the JIT feature and are not affected.

Steps to disable JIT

  1. Enter about:config in the browser’s location bar.
  2. Type jit in the Filter box at the top of the config editor.
  3. Double-click the line containing javascript.options.jit.content, setting the value to false.

NOTE: Disabling the JIT will result in decreased JavaScript performance and is only recommended as a temporary security measure, so I would suggest updating directly to Firefox 3.5.1.
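To confirm that the workaround actually took effect in a profile, the following added example (not from the original post or from Mozilla) parses the text of a profile's prefs.js and user.js and checks the pref named in step 3. It assumes that user.js is applied over prefs.js at startup and that a missing pref means the Firefox 3.5 default of JIT enabled; the sample profile contents are constructed.

```python
import re

PREF = "javascript.options.jit.content"  # pref name from step 3 above
# One line of prefs.js / user.js looks like: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def read_pref(text, name=PREF):
    """Return the last value set for `name` in a prefs file, or None if absent."""
    value = None
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) == name:
            value = m.group(2)  # a later line replaces an earlier one
    return value


def workaround_applied(prefs_js, user_js=""):
    """True only if the content JIT is explicitly set to false.

    Assumptions: user.js wins over prefs.js, and an absent pref means the
    Firefox 3.5 default (JIT enabled), so the workaround is NOT in place.
    """
    effective = read_pref(user_js)
    if effective is None:
        effective = read_pref(prefs_js)
    return effective == "false"


# Constructed sample profile contents (not taken from a real machine).
WORKAROUND_SET = (
    'user_pref("browser.startup.homepage", "about:blank");\n'
    'user_pref("javascript.options.jit.content", false);\n'
)
UNTOUCHED = 'user_pref("browser.startup.homepage", "about:blank");\n'
# Edge case: the wrong line in the "jit" filter results was toggled.
WRONG_PREF = 'user_pref("javascript.options.jit.chrome", false);\n'

if __name__ == "__main__":
    samples = [("workaround set", WORKAROUND_SET),
               ("untouched", UNTOUCHED),
               ("wrong pref toggled", WRONG_PREF)]
    for label, text in samples:
        state = "JIT disabled" if workaround_applied(text) else "still exposed"
        print(f"{label}: {state}")
```

Once the browser is updated to 3.5.1 the pref can be reset to its default, since the workaround is only a temporary measure.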

 

Fix


You can click the Help -> Check for Updates option to update your browser, or it’ll automatically notify you about the update very soon. You will have to restart Firefox after updating to Firefox 3.5.1.

You can also use the given link to download the latest fix: Download Mozilla Firefox 3.5.1

Firefox 3.5.1 also fixes the following issues:

I would also personally request all Firefox 3.5 users and Orkut Sharing subscribers to apply this update as soon as possible.

[ source: Mozilla ]
