Firefox 3.5: Critical Vulnerability Uncovered, People Want it Nonetheless

Article by George Norman (Cybersecurity Editor)

on 16 Jul 2009

The first security vulnerability affecting the recently released Firefox 3.5 browser has been discovered. The security issue in question is a JavaScript vulnerability that could be exploited by a person with malicious intent to execute code on the targeted machine – the rating the security vulnerability has been given by Mozilla is “critical”.

“A bug discovered last week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly. It is a critical vulnerability that can be used to execute malicious code. The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code. The vulnerability can be mitigated by disabling the JIT in the JavaScript engine,” explained Mozilla.

The workaround provided by Mozilla, disabling the JIT in the JavaScript engine as mentioned above, is described below:
- Launch Firefox 3.5 and in the address bar type in about:config
- In the filter box, at the top of the config editor, type in jit
- Double-click the line containing javascript.options.jit.content setting the value to false.

By enabling this workaround you will ensure your system’s protection, at least until the Mozilla Foundation rolls out a security update. That’s the upside; the downside is that you will experience decreased JavaScript performance. Consequently, once an update resolving this issue is released, you should disable the workaround. The steps for doing so are described below:

- Launch Firefox 3.5 and in the address bar type in about:config
- In the filter box, at the top of the config editor, type in jit
- Double-click the line containing javascript.options.jit.content setting the value to true.

The truth of the matter is that security is an issue that affects all browsers out there. But the good folks in the US State Department don’t care about that; all they care is switching from Internet Explorer to Firefox. The issue came up at a recent town hall meeting where one government employee asked US Secretary of State Hilary Clinton if they could start using Firefox instead of Internet Explorer (video here – head straight to 26:30).


Latest News


Sony's 'Attack of the Blockbusters Sale' Slashes Prices in Half for a Ton of PS4 Games

17 Aug 2017

How Samsung's New T5 Compares to the Old T3 Portable SSD (Infographic)

17 Aug 2017

See all