Knowledge Centers

Operating Systems

Networking & Internet

Mobile & Wireless

Business Intelligence

Servers & Data Center

Computerworld Reports

Case Study Library

Industry

This Week in Print

Print Subscriptions

See your link here

Sharon Machlis

Machlis Musings

More posts | Read bio

July 15, 2009 - 7:40 A.M.

Firefox 3.5 'highly critical' security hole in the wild

TAGS:CERT, Firefox, Firefox 3.5
IT TOPICS:Cybercrime & Hacking, Security

Firefox 3.5 has a security vulnerability in the way it handles JavaScript code, potentially allowing an attacker to execute code on a victim's computer, according to code posted on the milw0rm site.

I'm not sure yet whether it was the new version's effort to speed up JavaScript handling is what caused the problem.

Security firm Secunia says the issue is "highly critical" and is also unsure whether older versions of the browser are affected.

Until the issue is fixed, Secunia suggests setting your "javascript.options.jit.content" to "false" in Firefox's about:config.

CERT advises: "To disable the vulnerable components, use the about:config interface to set javascript.options.jit.content and javascript.options.jit.chrome to false. This will still allow JavaScript to run, but it will disable the TraceMonkey performance enhancements."

The security hole was first reported by Simon Berry-Byrne ("SBerry"), with an example of exploit code.

Reply

Print

Reply

Related Posts

Report: Firefox is the world's most vulnerable browser

IObit accused of stealing from Malwarebytes

Is the Windows 7 adoption surge driven by piracy?

Spam culture, part 3: Nigeria (and 419 scams)

Today's Top Stories

IE9 to tap hardware to boost performance

Free Web apps to help organize your holidays

KT to sell iPhone in South Korea

New attack fells Internet Explorer

Google's Chrome OS hits BitTorrent

The 5 best and worst features of Google Chrome OS

Hot Posts

Ubuntu's Canonical and Google partner to create Chrome

Posted by Steven J. Vaughan-Nichols | 91 comments

Five ways to improve Microsoft Office 2010

Posted by Preston Gralla | 8 comments

Google Phone is actually a VoIP phone?

Posted by Seth Weintraub | 7 comments

Recent Comments

Hey Nichols where is the web app equivalent of photoshop...48 min 26 sec ago

"(yes, the keyboard and...56 min 15 sec ago

No one programs cool stuff for Linux because all the users...56 min 35 sec ago

White Papers & Webcasts

Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!

Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!

Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!

Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!

Email Archiving: A Business-Critical Application
Get this paper now!

Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!

All White Papers | All Webcasts

Computerworld Reports

8 Questions To Ask About Your Intrusion-Security Solution

Computerworld Technology Briefings IT Service Management

Computerworld Briefing - Analytics: The Art and Science of Better

All Computerworld Reports

Sign up to receive updates on the latest Security resources

Receive the latest technology news and information.

	Computerworld Daily News (First Look and Wrap-Up)
	Computerworld Blogs Newsletter
	The Weekly Top 10

View all newsletters

* E-mail Address:

* Industry:

* Job Title:

* Company Size:

* Country:

* State:

I would like to receive offers via e-mail from Computerworld partners.

Sharon Machlis's Archive

IT Topics

Sponsored Links

Play NetApp's New Data Defense Game.

Return on Information: Google Enterprise Search pays you back. Get the facts.

How Do You Rank as an Innovation Leader? Download Recent Study.

See how AT&T can help protect your network.

3 Innovations. 3 Free Downloads. Free trials of Windows 7, Windows Server 2008 R2 and Exchange Server 2010.

Citrix NetScaler with nCore Outperforms F5 BIG-IP - Learn More

64-page prescriptive guide to security, compliance, and IT operations.

Streamline IT Costs. Boost Performance with WAN Optimization

Enterprise Network & Server Monitoring Software. Cross over to Traverse...

Increase UPS efficiency without sacrificing protection

Crystal Reports Server: Single server access to reports & dashboards

Create new opportunities. See business making progress now

ESET NOD32 with ThreatSense(R) - Get your free trial now!

Looking to add Unix/Linux functionality to Windows?

Join the conversation about the hottest IT trends with Computerworld on Twitter.

ITwhitepapers.com - Access thousands of white papers on 300+ technical topics.

Leverage Your Cisco infrastructure for Superior Application Performance

Learn about the AMD Virtual Experience

Introducing: Project Icebreaker

Stay informed with custom newsletters from Tech Dispenser

New DW Options and Price Points. View Teradata Platform Family Data Sheet.

To get a better view of your entire data center, you need a better vantage point. Improve your vision with Hitachi IT Operations Analyzer - Free 30 day trial

Play NetApp's New Data Defense Game.

Take the Netezza TwinFin TestDrive!

NetScaler VPX : Harness the Power of Virtualized Web App Delivery

Get more enterprise mobility value for up to 25% less.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion.

NYUs M.S. in Management and Systems. Offered Online and On-site.

Crystal Reports Server: More options. Not more money.

Parallelism is not just for HPC. Create rich apps from desktop to device. Get the eval.

Tolly Performance Report "Citrix NetScaler with nCore Outperforms F5 BIG-IP"

Save up to 61% plus Free Cheesecake

Find IT jobs in the Healthcare industry on Dice.com

With the NEW KODAK i700 Series Scanners get full speed at 300dpi!

Not All QSAs Are Created Equal: What You Should Know Before You Buy

The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability

The AMD Virtual Experience Virtual Trade Show

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map

CIO

CSO

DEMO

IDC

IDG

IDG Knowledge Hub

IDG TechNetwork

IDG Ventures

IDG.net

InfoWorld

ITworld

Macworld

The Industry Standard

Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.