Mozilla Patches TraceMonkey Exploit with Firefox 3.5.1

Paul Lilly

If you're a Firefox user, be sure to grab the latest update bringing Firefox 3.5 to 3.5.1. A number of security and stability issues have been addressed in the newest release, but its main purpose was to patch a critical security vulnerability in the browser's TraceMonkey JavaScript engine. Prior to the patch, the bug could cause Firefox to crash when typing text into an input box on certain websites.

"This is a JS engine bug dealing with deep bailing not properly restoring the return value from the result of the (fast native) escape function. We then try to do something with the uninitialized memory and crash in the interpreter," wrote Mozilla's Blake Kaplan in a comment on the bug report.

It didn't take long for researchers to discover that the bug was exploitable and could be used to execute arbitrary code. It's also been squashed in the 3.5.1 update, however researchers have discovered a similar bug that remains. According to Mozilla, it is looking into the issue, but so far doesn't believe the newly discovered bug is exploitable.

Around the web