Information Technology Services

213.414.6534213.414.6534

SECURE COAT® BELIEVE IN SERVING, RATHER THAN EARNING

About

Firefox 3.5.1 Fixes Security Vulnerability

Mozilla stitched a security hole in Firefox 3.5, fixing a vulnerability in the browser after attack code targeting the vulnerability was made public earlier this week. 

With Firefox 3.5.1, Mozilla fixes a critical flaw in the TraceMonkey JavaScript engine's JIT (just-in-time) compiler that could be exploited to run arbitrary code. The vulnerability was reported last week, but took on new urgency for users when attack code for the bug became public while users waited on a fix.

“In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state,” according to Mozilla. “This could be exploited by an attacker to run arbitrary code such as installing malware.”


If the patch cannot be deployed right away, there is a workaround for users. Mozilla recommends users disable JIT in the JavaScript engine and provides instructions on how to do so here. Firefox 3.5 is the only version of the browser vulnerable to the attack, as it is the only one with JIT. 

Better than 20 other bugs were also fixed in the update, which can be downloaded here.

Technology Partners
Scroll Left
  • Blue Coat Systems
  • SONICWALL
  • GFI
  • Check Point
  • Lurhq
  • Netscreen
  • Tipping Point
  • Crossbeam Systems
  • Latis Networks
  • Enterasys
  • eiq Networks
  • Blue Coat Systems
  • SONICWALL
  • GFI
  • Check Point
  • Lurhq
  • Netscreen
  • Tipping Point
  • Crossbeam Systems
  • Latis Networks
  • Enterasys
  • eiq Networks
  • Blue Coat Systems
  • SONICWALL
  • GFI
  • Check Point
  • Lurhq
  • Netscreen
Scroll Right
© 2012 All rights reserved. Secure Coat®, Suite# 426, 4th Floor, Block-14, Mashrique Centre, Suleman Farsi Road, Gulshan-e-Iqbal, Karachi-75300