Security vulnerability found in Firefox 3.5; Update: fixed with 3.5.1
Security specialists, Secunia, have released a highly critical advisory regarding a vulnerability in Mozilla's latest version of its popular Web browser, Firefox.
From Secunia:
"SBerry has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.Possible solutionThe vulnerability is caused due to an error when processing JavaScript code handling e.g. "font" HTML tags and can be exploited to cause a memory corruption.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 3.5. Other versions may also be affected."
From Secunia:
"Solution: Set "javascript.options.jit.content" to "false" by opening about:config.As always, be sure to create stable backups of your data regularly. Expect to see a patch for this vulnerability in the next few days from Mozilla.Do not browse untrusted websites or follow untrusted links."
Resources
Read more about the Firefox vulnerability at Secunia's Web site.
UPDATE: A new version of Firefox (3.5.1) is available that addresses this vulnerability, and is recommended for all Firefox users.
Experiencing problems? Have feedback? Let us know!
You can now follow MacFixIt on Twitter!
Resources