secunia.com - 7/14/2009
—
Description : SBerry has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when processing JavaScript code handling e.g. "font" HTML tags and can be exploited to cause a memory ...
pcworld.com - 7/15/2009
—
pcworld.com —
PC World reports on a critical security bug
discovered within the TraceMonkey JavaScript engine used in Firefox...
3.5. The vulnerability can be exploited by an attacker to hijack a machine, though users must first visit a malicious Web site that contains the exploit code. Older versions of ...
(more)
External Link: Beware of Firefox 3.5 Javascript ...
Comments
Blog Reactions
Firefox 3.5 vulnerable to critical Javascript attack
Macworld —
... . A critical flaw in the way Firefox 3.5 handles Javascript opens the door to a serious attack, according to Secunia , which tracks security vulnerabilities. Sample exploit code is already available online, so while there aren't yet any reports of active attacks against this new flaw, there soon could be. Such an assault would likely take the form of a poisoned Web page that uses behind-the-scenes attack code to trigger the flaw. The Washington Post's Security Fix has posted a workaround to protect against the flaw while Mozilla prepares a patch. The temporary fix disables a ...
Security vulnerability found in Firefox 3.5
MacFixIt —
... arbitrary code. The vulnerability is confirmed in version 3.5. Other versions may also be affected." Possible solution From Secunia: "Solution: Set "javascript.options.jit.content" to "false" by opening about:config. Do not browse untrusted websites or follow untrusted links." As always, be sure to create stable backups of your data regularly. Expect to see a patch for this vulnerability in the next few days from Mozilla. Resources Read more about the Firefox vulnerability at Secunia's Web site . Experiencing problems? Have feedback? ...
Security vulnerability found in Firefox 3.5; Update: fixed with 3.5.1
MacFixIt —
... arbitrary code. The vulnerability is confirmed in version 3.5. Other versions may also be affected." Possible solution From Secunia: "Solution: Set "javascript.options.jit.content" to "false" by opening about:config. Do not browse untrusted websites or follow untrusted links." As always, be sure to create stable backups of your data regularly. Expect to see a patch for this vulnerability in the next few days from Mozilla. Resources Read more about the Firefox vulnerability at Secunia's Web site . UPDATE: A new version of Firefox (3.5.1) is available that addresses this ...
Related Content
Mozilla launches Firefox 3.5, starts kill clock for older 3.0
computerworld.com 7/1/2009 — Computerworld - Mozilla launched Firefox 3.5 today, ending six months of delays to wrap up its newest browser almost exactly a year after its last major upgrade. Firefox 3.5 was posted to Mozilla's servers early Tuesday, Eastern time. The browser, ...
Mozilla Working on iPhone App. Don’t Hold Your Breath for Firefox
theiphoneblog.com 10/19/2009 —
This weekend GigaOm brought word that Mozilla was working on an iPhone app. Of course, thoughts turn immediately towards their most famous product — Firefox. However, Apple doesn’t allow 3rd party code interpreters and that means no ...
Mozilla updates Firefox to 3.0.9
macfixit.com 4/24/2009 — Mozilla has released a new update to its popular Web browser, Firefox. New to Firefox 3.0.9, according to the official release notes, are fixes to several security and stability issues, a bug where users would "lose" cookies, and another bug where inline attachments would not display.
Mozilla, Apple fix potential graphics exploit
macnn.com 9/25/2008 — Crash errors in Mozilla's Firefox browser have been fixed with help from Apple, the organization says. Bugs in earlier versions of Firefox 3 were said to have been crashing the software, sometimes generating memory corruption at the same time; Mozilla ...
Security Advisories for Firefox 3.0
mozilla.org 4/22/2009 — Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing. High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those ...
Firefox 3.5: The Technologizer Review
technologizer.com 6/30/2009 — Was it really fewer than five years ago that Firefox 1.0 debuted? Its arrival ended the dismal period in which only one browser–Microsoft’s mediocre Internet Explorer–seemed to be viable. With Firefox, Mozilla proved that millions ...
Latest Firefox 3.1 Beta Adds Multi-Touch Support
macrumors.com 12/10/2008 — On Monday, Mozilla released the latest beta version of Firefox 3.1. This "Beta 2" version of the popular web browser adds a number of new features across all supported platforms including:
- Private Browsing Mode
- Faster Java...
Coming Soon: A Mozilla App for the iPhone
gigaom.com 10/19/2009 — Earlier today when I interviewed Mozilla CEO John Lilly onstage at the Play conference , an annual confab organized by the students of the Haas School of Business at the University of Berkeley, he hinted that the company was going to launch a brand ...
Follow MacBlips on Twitter
