Firefox 3.5.1 Fixes Critical Security Vulnerability

Recently Firefox has released Firefox 3.5.1 which fixes one of the critical security problem.  A crash that was determined which could result in an exploitable memory corruption problem which was reported by a Firefox user zbyte.

Problem Description

This issue happens in certain cases after a return from a native function such as escape() the “Just In Time” (JIT) compiler which could lead to a corrupt state and it could be exploited by any attacker to install malware.

 

Impact on user

The vulnerability can trick a victim into viewing a malicious Web page containing the exploit code and affect the users machine without their knowledge .

Workaround

This vulnerability can be avoided by disabling the JIT in the JavaScript engine which is only for Firefox 3.5 users, earlier versions of Firefox are not affect which do not support the JIT feature.

Steps to disable JIT

1. Enter about:config in the browser’s location bar.
2. Type jit in the Filter box at the top of the config editor.
3. Double-click the line containing javascript.options.jit.content setting the value to false.

NOTE: Disabling the JIT will result in decreased JavaScript performance and is only recommended as a temporary security measure. So I would suggest you to directly update to Firefox 3.5.1

 

Fix

You can click Help -> Check for Updates option to update your browser or it’ll automatically notify you about the update very soon. You would have to restart your Firefox after updating to Firefox 3.5.1

You can even use the given link to download the latest fix : Download Mozilla Firefox 3.5.1

Firefox 3.5.1 also fixes the following issues:

• Several security issues.
• Several stability issues.
• An issue that was making Firefox take a long time to load on some Windows systems.
• Check out the complete list of changes in this version.

I would also request personally all the Firefox 3.5 users and Orkut Sharing subscribers to apply this update as soon as possible.

[ source: Mozilla ]