Firefox 3.5 'highly critical' security hole in the wild

Firefox 3.5 has a security vulnerability in the way it handles JavaScript code, potentially allowing an attacker to execute code on a victim's computer, according to code posted on the milw0rm site.

I'm not sure yet whether the new version's effort to speed up JavaScript handling is what caused the problem.

Security firm Secunia says the issue is "highly critical" and is also unsure whether older versions of the browser are affected.

Until the issue is fixed, Secunia suggests setting your "javascript.options.jit.content" to "false" in Firefox's about:config.

CERT advises: "To disable the vulnerable components, use the about:config interface to set javascript.options.jit.content and javascript.options.jit.chrome to false. This will still allow JavaScript to run, but it will disable the TraceMonkey performance enhancements."
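To confirm the workaround is actually in place on a machine, the following added example (not code from Secunia, CERT or the original article) parses a profile's prefs.js and user.js and reports whether both JIT prefs are explicitly set to false. The sample file contents are constructed, and treating an unset pref as "not disabled" is an assumption of this sketch.

```python
import re

# The two prefs named in the CERT advice quoted above.
JIT_PREFS = ("javascript.options.jit.content", "javascript.options.jit.chrome")

# Matches lines such as: user_pref("some.pref.name", false);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Return {name: raw_value} for every user_pref(...) line in a prefs file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs

def audit_profile(prefs_js, user_js=""):
    """Map each JIT pref to True if the profile explicitly sets it to false.

    user.js is applied on top of prefs.js at startup, so its values win.
    A pref that is not set at all counts as not disabled (assumption).
    """
    effective = parse_prefs(prefs_js)
    effective.update(parse_prefs(user_js))
    return {name: effective.get(name) == "false" for name in JIT_PREFS}

def missing_lines(report):
    """user.js lines that would bring the profile in line with the advice."""
    return ['user_pref("%s", false);' % name
            for name, disabled in report.items() if not disabled]

# Constructed sample profile contents, not taken from a real machine.
SAMPLE_PREFS_JS = '''
user_pref("browser.startup.homepage", "about:blank");
user_pref("javascript.options.jit.content", true);
'''
SAMPLE_USER_JS = '''
user_pref("javascript.options.jit.content", false);
'''

if __name__ == "__main__":
    report = audit_profile(SAMPLE_PREFS_JS, SAMPLE_USER_JS)
    for name, disabled in report.items():
        print("%-36s %s" % (name, "disabled" if disabled else "NOT disabled"))
    for line in missing_lines(report):
        print("add to user.js:", line)
```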

The security hole was first reported by Simon Berry-Byrne ("SBerry"), with an example of exploit code.
