Secunia, after a person going by the name SBerry released code on Milw0rm, has issued an advisory warning of a memory corruption error in Mozilla’s newest version of Firefox, version 3.5. The vulnerability, if exploited, allows code execution that could lead to system compromise.
Mozilla is aware of this issue, but has not released comments or a timeframe for any patches. Later this month, if not sooner, Mozilla is expected to release the first round of patches for Firefox 3.5, which will include both bug and security fixes. It’s possible that this newest vulnerability will be patched as well, if it was discovered before the proof-of-concept code was released. This is because on July 10, Mozilla’s QA team held a Security Test Day, which followed a BugDay held on July 7.
SBerry’s posted code exploits the way Firefox 3.5 processes JavaScript code when handling FONT tags in HTML. The vulnerability was introduced in TraceMonkey, the JavaScript engine used in Firefox 3.5 that actually offers a decent speed boost to the browser. Interestingly, TraceMonkey is one of the things that is certain to be patched later this month by Mozilla, as bugs in the newest engine were listed in a July 1 meeting as the sole topcrash issue for Firefox 3.5.
Secunia advises Firefox users to avoid untrusted websites and links until this newest vulnerability is patched. However, Brian Krebs took the smart road in his advice on the issue. Krebs, who is a reporter for the Washington Post, advised his readers to disable "javascript.options.jit.content" in about:config. This fix has a drawback, though: it will lower the rendering speeds of JavaScript, which is one of the major performance improvements in Firefox 3.5. If you are willing to take the trade, then his fix should work fine.
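To check whether a profile actually carries the workaround, the following added example (not from the article, Secunia or Mozilla) parses the user_pref(...) lines of a profile's prefs.js and user.js and lists the profiles where javascript.options.jit.content is still on. It assumes the pref counts as enabled when neither file sets it; the profile names and file contents are constructed.

```python
import re

JIT_PREF = "javascript.options.jit.content"  # pref named in the article
# One assignment per line, e.g. user_pref("javascript.options.jit.content", false);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} from prefs.js/user.js text; the last assignment wins."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # header, comments (including commented-out prefs), blanks
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def jit_content_enabled(prefs_js="", user_js="", default=True):
    """Effective JIT setting for one profile. user.js is read after prefs.js,
    so it overrides it. default=True is an assumption for when neither sets it."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged.get(JIT_PREF, default)

def unmitigated(profiles):
    """profiles: {name: (prefs_js, user_js)} -> sorted names with JIT still on."""
    return sorted(n for n, (p, u) in profiles.items() if jit_content_enabled(p, u))

# Constructed sample profiles (file contents inlined so the example runs offline).
SAMPLE = {
    "untouched": ('# Mozilla User Preferences\n'
                  'user_pref("browser.startup.homepage", "about:blank");\n', ""),
    "toggled": ('user_pref("javascript.options.jit.content", false);\n', ""),
    "commented": ('// user_pref("javascript.options.jit.content", false);\n', ""),
    "user_js_wins": ('user_pref("javascript.options.jit.content", true);\n',
                     'user_pref("javascript.options.jit.content", false);\n'),
}

if __name__ == "__main__":
    for name in unmitigated(SAMPLE):
        print(f"{name}: {JIT_PREF} still enabled, workaround not applied")
```

A commented-out line or a pref set only in prefs.js and re-enabled by user.js is reported as unmitigated, which is the case a quick grep for the pref name would miss.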
While not as severe as the vulnerability issue disclosed today, Firefox 3.5 has another little glitch that exposes DNS information for users wanting to remain anonymous using proxy settings.
Researcher and blogger Tw1zl3r reports that, “The DNS Leak issue in FireFox 3.5 is a BIG BUG because even if you use the about:Config force remote DNS look ups using a proxy the requests are still sent to your local DNS. The local DNS query leaks your web searches out for anyone with a brain cell and WireShark to view a user’s web queries in plain text. FireFox 3.5 has the toggle network.proxy.socks_remote_dns option in it but when adding the option in about:Config it does nothing and is all show no go. The setting does nothing and allows DNS to Leak.”
Some users who tested his point wonder if the DNS leak has more to do with an add-on than Firefox itself. If it is a Mozilla issue, though, then it would need to be addressed as soon as possible. Odds are it will be.