AOA Forums AOA Forums AOA Forums Folding For Team 45 AOA Files Home Front Page Become an AOA Subscriber! UserCP Calendar Memberlist FAQ Search Forum Home


Go Back   AOA Forums > Software > Data Security

Data Security Viruses, Firewalls and Safe computing


Reply
 
LinkBack Thread Tools Rate Thread
  #1 (permalink)  
Old 14th July, 2009, 09:59 PM
MUff1N's Avatar
Member
 
Join Date: October 2007
Location: Payson/AZ
Posts: 1,905

Exclamation Firefox 3.5 Highly Critical Security hole found!

And here I was all happy about the newest FF because of it's speed & stuff. This is a bad security hole too~
Right NOW IE8 is more secure than Firefox 3.5!
Now that's just sad...this need to be fixed quick! (Security work around fix below)

More...

Description:
SBerry has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when processing JavaScript code handling e.g. "font" HTML tags and can be exploited to cause a memory corruption.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 3.5. Other versions may also be affected.

Security Workaround (fix)

The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code. The vulnerability can be mitigated by disabling the JIT in the JavaScript engine. To do so:

1. Enter about:config in the browser’s location bar.
2. Type jit in the Filter box at the top of the config editor.
3. Double-click the line containing javascript.options.jit.content setting the value to false.

Note that disabling the JIT will result in decreased JavaScript performance and is only recommended as a temporary security measure. Once users have been received the security update containing the fix for this issue, they should restore the JIT setting to true by:

1. Enter about:config in the browser’s location bar.
2. Type jit in the Filter box at the top of the config editor.
3. Double-click the line containing javascript.options.jit.content setting the value to true.
Attached Thumbnails
Firefox 3.5 Highly Critical Security hole found!-about-config.jpg  
__________________



EVGA GTX 470 SC 37% OC (855/1710/2004) 160.5Gbs
3DMark Vantage: P24352
3DMark 11: P5119

Last edited by MUff1N; 14th July, 2009 at 10:22 PM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 15th July, 2009, 03:03 AM
robbie's Avatar
AOA Staff
 
Join Date: November 2001
Location: Out in the desert of Ca.
Posts: 12,548
Send a message via AIM to robbie Send a message via MSN to robbie Send a message via Yahoo to robbie Send a message via Skype™ to robbie

Thanks for the 411.
__________________
Taking each day as it comes
Grow, learn and OVERCLOCK. Need help?? Ask me.
Your Mommy!! (Aug/02) Welcome to the fold.
Buy it, Sell it, or Trade it in the AoA classifieds!!
AOA Team fah
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 15th July, 2009, 07:09 PM
MUff1N's Avatar
Member
 
Join Date: October 2007
Location: Payson/AZ
Posts: 1,905

Arrow If you don't mind a few bugs, installed the Nightly build!

For those that don't mind a few bugs here & there you can also use the newest Nightly build Minefield v3.6a1pre which has this issue FIXED!

So you see they are already on top of this & will add this fix to 3.5 shortly for Public release!~
You can download that here... Index of /pub/mozilla.org ... est-trunk/

I just switched to the Nightly build "Minefield" 3.6 & it's really fast! No bugs I can report...
If you use this addon Nightly Tester Tools you can still use all your favorite extensions & themes too!
Just click the Override All Compatibility button (screeny) & it's fixed! So far everything works fine...man it's fast!

You can download the Nightly Tester Tools addon here---> https://addons.mozilla.org/en-US/firefox/addon/6543
Attached Thumbnails
Firefox 3.5 Highly Critical Security hole found!-image-0.jpg  
__________________



EVGA GTX 470 SC 37% OC (855/1710/2004) 160.5Gbs
3DMark Vantage: P24352
3DMark 11: P5119

Last edited by MUff1N; 15th July, 2009 at 07:12 PM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 17th July, 2009, 12:06 PM
MUff1N's Avatar
Member
 
Join Date: October 2007
Location: Payson/AZ
Posts: 1,905

Thumbs up Patched Firefox v3.5.1 released!

As I said they more than likely by the end of the week would have Firefox patched & they have!
So if you're still using 3.5 go get the updated patched version now! Mozilla | Firefox web browser & Thunderbird email client

If you applied the jit work-around fix you'll have to manually undo it as that setting won't change just because you updated Firefox.
__________________



EVGA GTX 470 SC 37% OC (855/1710/2004) 160.5Gbs
3DMark Vantage: P24352
3DMark 11: P5119
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 26th July, 2009, 02:27 AM
cloasters's Avatar
Asst. BBS Administrator
 
Join Date: September 2001
Location: Location, Location
Posts: 21,956

Pretty sure I read that 3.5.1 has a vulnerability that's serious enough, on /. Disabling Java Script is recommended, and yes that causes PITA's.
__________________
When the world will be better.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
New attack proves critical Windows bug 'highly exploitable' Daniel ~ OS, Software, Firmware, and BIOS 6 7th February, 2008 03:34 PM
Microsoft fixes biggest security hole tevildo OS, Software, Firmware, and BIOS 8 6th December, 2006 11:35 AM
Security hole found in Gmail cloasters Data Security 5 1st November, 2004 05:17 PM
Big Windows NT/2000/XP security hole Áedán Data Security 16 8th August, 2003 09:45 PM
GIANT security hole in Win 98 and ME, and XP Daniel ~ Random Nonsense! 13 24th December, 2001 11:05 PM


All times are GMT +1. The time now is 12:06 PM.


Copyright ©2001 - 2010, AOA Forums
Don't Click Here Don't Click Here Either

Search Engine Friendly URLs by vBSEO 3.3.0