Firefox 3.5 'highly critical' security hole in the wild

Firefox 3.5 has a security vulnerability in the way it handles JavaScript code, potentially allowing an attacker to execute code on a victim's computer, according to code posted on the milw0rm site.

I'm not sure yet whether the new version's effort to speed up JavaScript handling is what caused the problem.

Security firm Secunia says the issue is "highly critical" and is also unsure whether older versions of the browser are affected.

Until the issue is fixed, Secunia suggests setting your "javascript.options.jit.content" to "false" in Firefox's about:config.

CERT advises: "To disable the vulnerable components, use the about:config interface to set javascript.options.jit.content and to false. This will still allow JavaScript to run, but it will disable the TraceMonkey performance enhancements."
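To confirm the workaround has actually been applied, an administrator can read the preference files in each Firefox profile. The following is an added example, not code from Secunia, CERT or Mozilla. It assumes profiles store overrides as `user_pref(...)` lines in `prefs.js` and `user.js`, and that a missing entry means the JIT is on by default; the sample profiles and function names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

PREF = "javascript.options.jit.content"  # pref named in the advisories above
# Matches lines such as: user_pref("javascript.options.jit.content", false);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def read_prefs(path):
    """Return {name: raw_value} for every user_pref() line in one prefs file."""
    prefs = {}
    if path.is_file():
        for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
            m = PREF_LINE.match(line)
            if m:
                prefs[m.group(1)] = m.group(2)  # a later line overrides an earlier one
    return prefs

def jit_content_disabled(profile_dir):
    """True only if the profile explicitly sets the pref to false.

    user.js is applied on top of prefs.js at startup, so it wins here too.
    Assumption: with no entry, the built-in default (JIT on) applies.
    """
    profile = Path(profile_dir)
    merged = read_prefs(profile / "prefs.js")
    merged.update(read_prefs(profile / "user.js"))
    return merged.get(PREF, "true") == "false"

def audit(profiles_root):
    """Map each profile directory under profiles_root to its mitigation status."""
    return {p.name: jit_content_disabled(p)
            for p in sorted(Path(profiles_root).iterdir()) if p.is_dir()}

def build_sample_profiles(root):
    """Write three constructed profiles (not real user data) under root."""
    off = 'user_pref("javascript.options.jit.content", false);\n'
    on = 'user_pref("javascript.options.jit.content", true);\n'
    samples = {"mitigated": {"prefs.js": off},
               "untouched": {"prefs.js": 'user_pref("browser.startup.page", 3);\n'},
               "overridden": {"prefs.js": off, "user.js": on}}
    for name, files in samples.items():
        (Path(root) / name).mkdir()
        for fname, text in files.items():
            (Path(root) / name / fname).write_text(text, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profiles(tmp)
        for name, ok in audit(tmp).items():
            print(f"{name}: {'JIT disabled' if ok else 'JIT still enabled'}")
```

The "overridden" profile shows the case worth checking for: a `user.js` that re-enables the preference undoes a change made through about:config on the next start.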

The security hole was first reported by Simon Berry-Byrne ("SBerry"), with an example of exploit code.
