Firefox 3.5: Critical Vulnerability Uncovered, People Want it Nonetheless
Article by George Norman
On 16 Jul 2009
The first security vulnerability affecting the recently released Firefox 3.5 browser has been discovered. The security issue in question is a JavaScript vulnerability that could be exploited by a person with malicious intent to execute code on the targeted machine – the rating the security vulnerability has been given by Mozilla is “critical”.

“A bug discovered last week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly. It is a critical vulnerability that can be used to execute malicious code. The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code. The vulnerability can be mitigated by disabling the JIT in the JavaScript engine,” explained Mozilla.

Advertising

The workaround provided by Mozilla, disabling the JIT in the JavaScript engine as mentioned above, is described below:
- Launch Firefox 3.5 and in the address bar type in about:config
- In the filter box, at the top of the config editor, type in jit
- Double-click the line containing javascript.options.jit.content setting the value to false.

By enabling this workaround you will ensure your system’s protection, at least until the Mozilla Foundation rolls out a security update. That’s the upside; the downside is that you will experience decreased JavaScript performance. Consequently, once an update resolving this issue is released, you should disable the workaround. The steps for doing so are described below:

- Launch Firefox 3.5 and in the address bar type in about:config
- In the filter box, at the top of the config editor, type in jit
- Double-click the line containing javascript.options.jit.content setting the value to true.

The truth of the matter is that security is an issue that affects all browsers out there. But the good folks in the US State Department don’t care about that; all they care is switching from Internet Explorer to Firefox. The issue came up at a recent town hall meeting where one government employee asked US Secretary of State Hilary Clinton if they could start using Firefox instead of Internet Explorer (video here – head straight to 26:30).



Tags: Mozilla, Firefox 3.5, Security, JavaScript
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
By George Norman on 24 Jul 2017
As someone who has been using Firefox day-to-day for a very – VERY – long time, I’ve grown to know a lot about Mozilla’s web browser. As such, I thought it a good idea to share part of my knowledge with you and highlight 10 tips & tricks that I’m sure you’ll find very useful.
By George Norman on 14 Aug 2017
Firefox Send works with any modern web browser (not just Mozilla’s own), it lets you safely send files up to 1GB in size, and using it is a fairly simple process, as you can see in this how-to guide.
By George Norman on 02 Aug 2017
Voice Fill uses spoken language to enter queries into search engines. Notes is a built-in notepad that you can use to jot down ideas. And Send lets you send encrypted, self-destructing files over the internet.
By George Norman on 16 Jun 2017
When companies pick an official slogan or motto, they usually go with something they think will impress. Well, these aren't your regular slogans. These are snarky slogans thought up by a cranky a-hole.
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Firefox 3.5: Critical Vulnerability Uncovered, People Want it Nonetheless
HTML Linking Code