Share
By the time you read these lines, Firefox has an update it wants to install. Earlier this week, Secunia issued an advisory warning of a memory corruption vulnerability discovered in Firefox 3.5. Three days worth of testing later, Mozilla has pushed out Firefox 3.5.1, with a fix for this error as well as corrections for several other bugs.
Mozilla releases patch for JavaScript vulnerability. (IMG:J.Anderson)
“Firefox user zbyte reported a crash that we determined could result in an exploitable memory corruption problem. In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state,” said Mozilla’s security advisory, adding that if the vulnerability was exploited it could be used by an attacker to run arbitrary code such as installing Malware.
Secunia warned of the flaw after a person going by the name SBerry released proof-of-code on Milw0rm. SBerry’s posted code exploits the way Firefox 3.5 processes JavaScript code when handling FONT tags in HTML.
The vulnerability was introduced in TraceMonkey, the JavaScript engine used in Firefox 3.5 that actually offers a decent speed boost to the browser. Oddly enough, TraceMonkey was already set to be patched this month by Mozilla, as bugs in the newest engine were listed in a July 1 meeting as the sole topcrash issue for Firefox 3.5. In other words, while vulnerabilities like this are horrible, this one came at a perfect time as developers were already giving TraceMonkey a thorough cleaning.
Before this patch was released, the general advice, started by Washington Post reporter Brian Krebs, was to disable "javascript.options.jit.content" in about:config.
You can download Firefox 3.5.1 now from the normal places. Existing users should use the automatic update feature, but the odds are that it’s already downloaded and you just need a browser restart to apply it.
Interested in a more interactive TTH? Join our Facebook Group Want regular updates from The Tech Herald? Follow us on Twitter
Advertising
Comment on this Story