Filed under: Security, Mozilla, Browsers
Critical Firefox 3.5 javascript exploit surfaces
In just over two weeks, Firefox 3.5 has been downloaded almost 28 million times. And yes, 3.5 boasts greatly improved JavaScript performance.
Unfortunately, the JIT compiler also sports a critical weakness in its current state. A web site containing the correct exploit code (which has been shared by Simon Berry at milw0rm.com) could allow an attacker to execute arbitrary code on vulnerable systems.
For the time being, you can disable the JIT compiler to protect yourself. Open about:config in Firefox , type jit in the search box, and double-click javascript.options.jit.content. Set the value to false. Doing this will reduce JavaScript performance, but will close up the hole until it is officially patched.
It's interesting to note that Mozilla was already aware of the bug and planning on releasing a patch some time in the next two weeks. On the official security blog, one developer states, "This fix was going to be in the 3.5.x update we had scheduled for the end of July, but obviously now we have moved up the schedule for release."
Unfortunately, the JIT compiler also sports a critical weakness in its current state. A web site containing the correct exploit code (which has been shared by Simon Berry at milw0rm.com) could allow an attacker to execute arbitrary code on vulnerable systems.
For the time being, you can disable the JIT compiler to protect yourself. Open about:config in Firefox , type jit in the search box, and double-click javascript.options.jit.content. Set the value to false. Doing this will reduce JavaScript performance, but will close up the hole until it is officially patched.
It's interesting to note that Mozilla was already aware of the bug and planning on releasing a patch some time in the next two weeks. On the official security blog, one developer states, "This fix was going to be in the 3.5.x update we had scheduled for the end of July, but obviously now we have moved up the schedule for release."
So, just how good at time waster games are you? Think you've got the stuff? Well, The World's Hardest Game 2.0 doesn't think you do.
Yes, amazingly, it's possible to have a sequel to a game called "The World's Hardest Game". It doesn't seem logically possible, since if the first one was actually the world's hardest, how could another one come along and share the moniker? It made me doubt the name in the first place. That is, until I tried the game.
The mechanics of the game are very simple. You are a small red square, ...
Reader Comments (Page 1 of 1)
Rocketboy said 9:31AM on 7-15-2009
ZMG! Firefox had a security flaw! And they sat on it before they released it!
Screw that, I'm going back to Lynx.
Reply
Brian said 9:50AM on 7-15-2009
It was bound to happen.....
Reply
David Gerard said 10:38AM on 7-15-2009
@Rocketboy - real men telnet to port 80.
(REAL real men take the microfilter off, pick up the phone and whistle DSL at 500kHz.)
Reply
Mike7 said 2:48PM on 7-15-2009
Firefox is vulnerable to something? No way, that's like a Honda being called "the worst new car your can buy today". It'll never...oh wait...
http://www.autoblog.com/2009/05/18/jeremy-clarkson-calls-honda-insight-biblically-terrible/
Reply
Quikboy said 9:40AM on 7-16-2009
I'll bookmark this, to keep in my collection of links to disprove people that claim Firefox is all that and has no flaws, and IE is the worst.
Reply
Brian said 5:56PM on 7-17-2009
They have fixed this issue among others in a update which has just been released. Firefox 3.5.1
Reply