Quantcast

Don't have an account? Register Now! Forgot password?

Related Articles
Maximum IT
SEE MORE MAXIMUM IT
News

How To Protect Yourself from Newly Discovered "Critical" JavaScript Vulnerability in Firefox 3.5

Posted 07/15/09 at 01:30:11 PM  by Paul Lilly

comment Commentsprint Printemail EmailDeliciousDiggStumbleUponRedditFacebookSlashdot

According to Mozilla, a bug was discovered last week in Firefox 3.5's Just-in-Time JavaScript compiler and was disclosed publicly on Monday. Mozilla classifies the vulnerability as "critical," saying it can be used to execute malicious code. More specifically, by exploiting the bug, a hacker could trick a victim into viewing a malicious website containing the exploit code.

"This vulnerability is due to an error in the way JavaScript code is processed," the US-CERT acknowledged. "Exploitation of this vulnerability may allow an attacker to execute arbitrary code. Additionally, exploit code is publicly available for this vulnerability."

While Mozilla said it is currently working on a fix, Firefox 3.5 users don't have to be sitting ducks. Mozilla says the vulnerability can be mitigated by disabling the JIT in the JavaScript engine, which you can accomplish by doing the following:

  1. Enter about:config in the browser's location bar
  2. Type jit in the Filter box
  3. Double-click the line containing javascript.options.jit.content and set the value to false

Mozilla warns that this is a temporary fix and will reduce JavaScript performance. Once an official fix has been put in place, you'll want to go back in and change the value back to true.

If you'd rather not mess around with about:config settings, you can still disable JIT by running Firefox in Safe Mode, which is accessible from the Mozilla Firefox folder.

COMMENTS:10
TAGS: Software, Security, browser, vulnerability, JavaScript, Critical, firefox 3.5, js
COMMENTS
avatarI'm running NoScript, have

Submitted by tehR0XX0Rz on Wed, 07/15/2009 - 4:30pm

I'm running NoScript, have used it for a couple years now. But I'm getting cross-script pop-ups I've never seen before. And embedded videos are freaking out every 15 minutes or so. I'm trying to watch Burn Notice episodes I missed, and every 15-20 minutes, the audio gets replaced with the amplified electronic noise of my computer. I have to close FireFox to stop it.

I'm uninstalling and going back to an older version. 3.5 is a total bugfest.

Login or register to post comments
avatarthats the beauty of firefox

Submitted by dc10ten on Wed, 07/15/2009 - 3:53pm

thats the beauty of firefox extensions

 https://addons.mozilla.org/en-US/firefox/addon/722

 

Login or register to post comments
avatarWhen watching inbedded

Submitted by tehR0XX0Rz on Wed, 07/15/2009 - 1:27pm

When watching inbedded videos, I occassionally get electronic noise instead of the audio stream of the video. Started after upgrading to 3.5. Maybe 3.5 was rushed tin response to the hype surrounding browser "speed."

Login or register to post comments
avatarGeez, what's with all the

Submitted by I Jedi on Wed, 07/15/2009 - 1:13pm

Geez, what's with all the hate towards Firefox lately, guys? I notice no problems when I surf the web with Firefox. This is a temporary issue that they will have resolved. You can't honestly expect them to foresee ever single problem with their browser, can you? And for that matter, anyone else, too.

**UPDATE**

Furthermore, we're lucky they even caught it early to begin with, rather than it being out in the wild and unknown to the masses for even longer.

Login or register to post comments
avatarLOL @ going to ie. your

Submitted by dethdeks on Wed, 07/15/2009 - 1:02pm

LOL @ going to ie. your complaining about 1 tiny bug in firefox's javascript engine and your gonna jump to the most buggiest browser there is? isnt that pretty much going from having an open window to opening all windows and doors in your house? kinda retarded, considering the fix takes a whole 30 seconds to do. acaully less because in the time it took me to type this response i did the fix on all 4 computers in my house. funny how a 2 second fix is going to detour someone to switch browsers which would take like 8 times the lenght to download/install on all your pc's then it would to just do the fix and stop bitching about 1 tiny problem.

Login or register to post comments
avatar1 tiny bug? You obviously

Submitted by DBsantos77 on Wed, 07/15/2009 - 5:15pm

1 tiny bug? Go troll somewhere else I'll use what I want.. You obviously either 1. haven't been using it long enough to experience problems. Or 2. are oblivious to the articles written IN THIS SITE explaining more issues.

Oh, and I'll run IE8 any day, given that I actually know how use Windows Update to eliminate myself of most if any, bugs.

Login or register to post comments
avatarI'm sure they have other

Submitted by I Jedi on Wed, 07/15/2009 - 1:07pm

I'm sure they have other reasons, rather legitimately sound or not, for wanting to leave Firefox. However, I'm in agreement with you. This exploit can be fixed very simply.

Login or register to post comments
avatarWow. Mozilla has just plain

Submitted by DBsantos77 on Wed, 07/15/2009 - 11:56am

Wow. Mozilla has just plain **cked up with 3.5 What gives? Temporary fix? No reason the end-user would have to do that, geez talk about Quality Control.

If the next release screws up I'm leaving Firefox all together and using either Opera or IE. Neither of which have huge issues.

Login or register to post comments
avatarAgreed

Submitted by jhonka232 on Wed, 07/15/2009 - 11:58am

I agree, I have even switched to safari for windows!

Login or register to post comments
avatarI might give Safari a shot,

Submitted by DBsantos77 on Wed, 07/15/2009 - 12:21pm

I might give Safari a shot, somethin different then the usual.

Login or register to post comments

This Month's Issue
Maximum PC
SUBSCRIBE NOW
AND SAVE!
FEATURE How to Get FREE Programs, Services, Software & MoreFEATURE Digital Photo Printer RoundupHOW TOBuild a 3D CameraFEATUREDIY Arcade PCWHITE PAPERHow TRIM Works