Highly Critical JavaScript Vulnerability Found in Firefox 3.5
By Pallab De on July 15th, 2009

Last week a critical bug was discovered in Mozilla Firefox’s JavaScript engine. Unfortunately, the details of exploiting this bug were released yesterday and are currently doing the rounds on the internet. This bug affects Firefox’s new JavaScript engine (TraceMonkey) and has been rated highly critical by Secunia.com. Attackers can gain control of a user’s system by installing rogue software when the user visits an exploited website.

Mozilla has confirmed that they are working on a fix. In the meantime, there are a couple of quick fixes you can implement.

  • This vulnerability only affects the new Just In Time (JIT) compiler that is part of the TraceMonkey JavaScript engine. Hence, you are safe if you disable the new engine.

    • Type “about:config” in the address bar and press Enter. Ignore the warning.
    • In the filter box, type “jit”. You should notice an entry titled “javascript.options.jit.content”.
    • Change its value from True to False. You can change the value by double-clicking on the line or by using the Toggle option from the right-click context menu.
      This will force Firefox to use the older engine, which is slower but immune to this exploit. Once a patch is released, simply change the value back to True.
  • Another solution is to simply block JavaScript on all untrusted websites using the NoScript extension.
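
For several profiles or machines, the about:config change above can be audited and applied from a script instead of by hand. The following is an added example, not part of the original article or of Mozilla's tooling: it relies on Firefox reading `user_pref(...)` lines from `prefs.js` and from an optional `user.js` that is applied over it at startup. The function names are hypothetical and the profile directory is assumed to be supplied by the operator.

```python
import re
from pathlib import Path

PREF = "javascript.options.jit.content"  # pref name from the steps above
# Matches a line such as: user_pref("javascript.options.jit.content", true);
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"' + re.escape(PREF) + r'"\s*,\s*(true|false)\s*\)\s*;\s*$',
    re.MULTILINE,
)

def jit_content_state(prefs_text):
    """Return True/False for the last explicit setting, or None if unset.

    None means the profile relies on the built-in default, which the
    article gives as True (JIT on) for Firefox 3.5.
    """
    values = PREF_RE.findall(prefs_text)
    return None if not values else values[-1] == "true"

def effective_state(profile_dir):
    """user.js is applied over prefs.js at startup, so it wins when it sets the pref."""
    state = None
    for name in ("prefs.js", "user.js"):
        f = Path(profile_dir) / name
        if f.is_file():
            s = jit_content_state(f.read_text(encoding="utf-8", errors="replace"))
            if s is not None:
                state = s
    return state

def disable_content_jit(profile_dir):
    """Pin the pref to false in user.js; return True if the file was changed."""
    user_js = Path(profile_dir) / "user.js"
    text = user_js.read_text(encoding="utf-8") if user_js.is_file() else ""
    if jit_content_state(text) is False:
        return False
    text = PREF_RE.sub("", text).rstrip("\n")  # drop stale settings for this pref
    line = 'user_pref("%s", false);' % PREF
    user_js.write_text((text + "\n" if text else "") + line + "\n", encoding="utf-8")
    return True

if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:  # assumption: profile directories passed by the operator
        print(p, "changed" if disable_content_jit(p) else "already disabled")
```

Because `user.js` is re-applied at every start, remove the added line once the patched build is installed; otherwise toggling the value back in about:config will not persist.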

Firefox : Config Screen

The critical nature of this vulnerability, coupled with the full disclosure of the exploit, is extremely worrying. Until a fix is released by Mozilla, we highly recommend that all Firefox users apply these quick fixes and stay on the safer side.

Author: Pallab De
Pallab De is a blogger from India who has a soft spot for anything techie. He loves trying out new software and spends most of his day breaking and fixing his PC. Pallab loves participating in the social web; he has been active in technology forums since he was a teenager and is an active user of both Twitter (@indyan) and Facebook.

Pallab De has written and can be contacted at pallab@techie-buzz.com.
  • http://tech-mania.com Sid

    Thanks Keith, I’ll update…

  • http://www.pallab.net Pallab

    @Sid : Updating won’t solve the issue. In fact older versions aren’t affected. Fx v3.5 which uses the latest JIT JS compiler, is the one which is affected.

  • Lawrence

    Thanks for the information. Right now my Firefox 3.5 cannot open; I keep getting the message that it has stopped working. I feel I have already been attacked. What should I do? Install a fresh copy?

    • http://www.pallab.net Pallab De

      Install Firefox 3.6 and see if that solves the problem.
