Quantcast

Don't have an account? Register Now! Forgot password?

Related Articles
Maximum IT
SEE MORE MAXIMUM IT
News

Mozilla Patches TraceMonkey Exploit with Firefox 3.5.1

Posted 07/20/09 at 06:39:03 AM  by Paul Lilly

comment Commentsprint Printemail EmailDeliciousDiggStumbleUponRedditFacebookSlashdot

If you're a Firefox user, be sure to grab the latest update bringing Firefox 3.5 to 3.5.1. A number of security and stability issues have been addressed in the newest release, but its main purpose was to patch a critical security vulnerability in the browser's TraceMonkey JavaScript engine. Prior to the patch, the bug could cause Firefox to crash when typing text into an input box on certain websites.

"This is a JS engine bug dealing with deep bailing not properly restoring the return value from the result of the (fast native) escape function. We then try to do something with the uninitialized memory and crash in the interpreter," wrote Mozilla's Blake Kaplan in a comment on the bug report.

It didn't take long for researchers to discover that the bug was exploitable and could be used to execute arbitrary code. It's also been squashed in the 3.5.1 update, however researchers have discovered a similar bug that remains. According to Mozilla, it is looking into the issue, but so far doesn't believe the newly discovered bug is exploitable.

COMMENTS:3
TAGS: Software, Security, patch, exploit, browser, Mozilla, firefox 3.5.1
COMMENTS
avatarCrash

Submitted by Psychic51 on Mon, 07/20/2009 - 11:21pm

I've seen more crashes in Firefox 3.5.1 than I've ever seen. I installed it on my regular PC and a laptop I'm building for a friend. Both installs crashed. The laptop crashed so hard I couldn't even open Firefox into safe mode. Both installs were on relatively new installations of Win XP.

I went back to 3.0.11

 

 

Login or register to post comments
avatarI personally have had

Submitted by sk8nrck2 on Mon, 07/20/2009 - 8:17am

I personally have had trouble with Firefox ever since 3.0.12, or whatever it was came out. It freezes SO much more than any other browser I've used, and this newest update still does it. 

 Any fixes?

 

geekspotnow.blogspot.com 

Login or register to post comments
avatarGood

Submitted by nmanguy on Mon, 07/20/2009 - 6:15am

Now they just have to patch the random freezing for ten seconds. Somewhere between the beta and the release they introduced it.

Login or register to post comments

This Month's Issue
Maximum PC
SUBSCRIBE NOW
AND SAVE!
FEATURE How to Get FREE Programs, Services, Software & MoreFEATURE Digital Photo Printer RoundupHOW TOBuild a 3D CameraFEATUREDIY Arcade PCWHITE PAPERHow TRIM Works