Sharon Machlis

Machlis Musings

Firefox 3.5 'highly critical' security hole in the wild

TAGS:CERT, Firefox, Firefox 3.5
IT TOPICS:Cybercrime & Hacking, Security

Firefox 3.5 has a security vulnerability in the way it handles JavaScript code, potentially allowing an attacker to execute code on a victim's computer, according to code posted on the milw0rm site.

I'm not sure yet whether it was the new version's effort to speed up JavaScript handling is what caused the problem.

Security firm Secunia says the issue is "highly critical" and is also unsure whether older versions of the browser are affected.

Until the issue is fixed, Secunia suggests setting your "javascript.options.jit.content" to "false" in Firefox's about:config.

CERT advises: "To disable the vulnerable components, use the about:config interface to set javascript.options.jit.content and javascript.options.jit.chrome to false. This will still allow JavaScript to run, but it will disable the TraceMonkey performance enhancements."

The security hole was first reported by Simon Berry-Byrne ("SBerry"), with an example of exploit code.

What is Tech Briefcase?

TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more

Bookmark content

Speed up your research efforts with content across the web.

Search and Store

Find the white papers you need. Create folders for any topic.

View Anywhere

Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.

Don't have an account yet?

New protection against Firesheep attacks

The Microsoft and Firefox browser security fight -- why they're both wrong

Scareware scam mimics Firefox and Chrome malicious attack warnings

Report: Firefox is the world's most vulnerable browser

Today's Top Stories

Essential browser tools for Web developers

Hands on: The new iPad

Microsoft cuts the prices of some Office 365 plans

Google works to overhaul its search

Mozilla will start Firefox silent updates in June

Preston Gralla: Big backlash is building against Windows 8. Will Microsoft listen?

Hot Posts

Google wins again vs. Oracle: No patent probs.

Posted by IT Blogwatch |

Apple iPhone 5 -- fresh reports claim 4-inch display

Posted by Jonny Evans |

London's flying cameras spy shoelaces nearly a mile away; Will drones in the USA?

Posted by Darlene Storm |

Free Insider Guide

Excel 2010 Cheat Sheet: Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.

Cybercrime and Hacking White Papers

Application Security Services - Government and Cyber Security: U.S. Public Sector Application Security Services bridge the gap between traditional application development processes and techniques, and the requisite security mechanisms needed to...
HP Cybersecurity Offerings: HP has been in the security business since our inception, providing critical security services to clients at every level of government and Fortune...
Streamline Compliance and Increase ROI: Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will...

Cybercrime and Hacking Webcasts

WikiLeaks: How am I Affected?: The latest WikiLeaks episode has raised questions about how organizations and governments protect their sensitive information. While this incident was isolated, it has...
Analytics Without Limits: The Latest on Oracle Exalytics In-Memory Machine and Oracle Business Intelligence: Analytics at the Speed of Thought

What if you could run financial and operational planning cycles 10 times faster? Or monitor and adjust...
EMC and VMware Solution Track: The EMC and VMware Solution Track is a single destination for the most up-to-date resources on how EMC can enhance, extend and accelerate...

IT Newsletters

Get the latest technology news and analysis on critical issues in the enterprise.

Firefox 3.5 'highly critical' security hole in the wild

Related Posts

Today's Top Stories

Hot Posts

Sharon Machlis's Archive

IT Topics