Mozilla Patches TraceMonkey Exploit with Firefox 3.5.1
Mozilla Patches TraceMonkey Exploit with Firefox 3.5.1
Posted 07/20/2009 at 3:39am
| by Paul Lilly
3
Comments
Print
If you're a Firefox user, be sure to grab the latest update bringing Firefox 3.5 to 3.5.1. A number of security and stability issues have been addressed in the newest release, but its main purpose was to patch a critical security vulnerability in the browser's TraceMonkey JavaScript engine. Prior to the patch, the bug could cause Firefox to crash when typing text into an input box on certain websites.
"This is a JS engine bug dealing with deep bailing not properly restoring the return value from the result of the (fast native) escape function. We then try to do something with the uninitialized memory and crash in the interpreter," wrote Mozilla's Blake Kaplan in a comment on the bug report.
It didn't take long for researchers to discover that the bug was exploitable and could be used to execute arbitrary code. It's also been squashed in the 3.5.1 update, however researchers have discovered a similar bug that remains. According to Mozilla, it is looking into the issue, but so far doesn't believe the newly discovered bug is exploitable.
More like this
Psychic51
July 20, 2009 at 11:21pm
I've seen more crashes in Firefox 3.5.1 than I've ever seen. I installed it on my regular PC and a laptop I'm building for a friend. Both installs crashed. The laptop crashed so hard I couldn't even open Firefox into safe mode. Both installs were on relatively new installations of Win XP.
I went back to 3.0.11
sk8nrck2
July 20, 2009 at 8:17am
I personally have had trouble with Firefox ever since 3.0.12, or whatever it was came out. It freezes SO much more than any other browser I've used, and this newest update still does it.
Any fixes?
geekspotnow.blogspot.com
nmanguy
July 20, 2009 at 6:15am
Now they just have to patch the random freezing for ten seconds. Somewhere between the beta and the release they introduced it.
Connect with MaximumPC
Featured Content
We introduce Intel's latest class of tablet killers and review 4 of the first Ultra...
Where have all the memorable videogame enemies gone?
This month's issue
Feature
11 Hardware Hacks
Feature
Overclock Your CPU
How-To
Supercharge Your Smartphone
Build It
A Powerful $830 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Analysts: 9-Inch Kindle Fire This Summer http://t.co/QDYApwCZ5 hours 37 min ago
- maximumpc: Micron: DRAM Prices Likely as Low as They're Going to Get http://t.co/fFUWuFOm8 hours 34 min ago
- maximumpc: Yar, Mateys! All Of Pirate Bay Made Available As A Single 90MB Zip File http://t.co/j5LHlXEZ9 hours 48 min ago
