AOA Forums


MUff1N 14th July, 2009 09:59 PM

Firefox 3.5 Highly Critical Security hole found!
 
And here I was all happy about the newest FF because of its speed & stuff. This is a bad security hole too~ :(
Right NOW IE8 is more secure than Firefox 3.5! :eek:
Now that's just sad...this needs to be fixed quick! (Security workaround fix below)

Description:
SBerry has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when processing JavaScript code handling e.g. "font" HTML tags and can be exploited to cause a memory corruption.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 3.5. Other versions may also be affected.

Security Workaround (fix)

The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code. The vulnerability can be mitigated by disabling the JIT in the JavaScript engine. To do so:

1. Enter about:config in the browser’s location bar.
2. Type jit in the Filter box at the top of the config editor.
3. Double-click the line containing javascript.options.jit.content, setting the value to false.

Note that disabling the JIT will result in decreased JavaScript performance and is only recommended as a temporary security measure. Once users have received the security update containing the fix for this issue, they should restore the JIT setting to true by:

1. Enter about:config in the browser’s location bar.
2. Type jit in the Filter box at the top of the config editor.
3. Double-click the line containing javascript.options.jit.content, setting the value to true.

robbie 15th July, 2009 03:03 AM

Thanks for the 411.

MUff1N 15th July, 2009 07:09 PM

If you don't mind a few bugs, install the Nightly build!
 
For those that don't mind a few bugs here & there you can also use the newest Nightly build Minefield v3.6a1pre which has this issue FIXED!

So you see they are already on top of this & will add this fix to 3.5 shortly for Public release!~
You can download that here... Index of /pub/mozilla.org ... est-trunk/

I just switched to the Nightly build "Minefield" 3.6 & it's really fast! No bugs I can report...
If you use this addon Nightly Tester Tools you can still use all your favorite extensions & themes too!
Just click the Override All Compatibility button (screeny) & it's fixed! So far everything works fine...man it's fast! :eek:

You can download the Nightly Tester Tools addon here---> https://addons.mozilla.org/en-US/firefox/addon/6543

MUff1N 17th July, 2009 12:06 PM

Patched Firefox v3.5.1 released!
 
As I said they more than likely by the end of the week would have Firefox patched & they have! :thumbsup:
So if you're still using 3.5 go get the updated patched version now! Mozilla | Firefox web browser & Thunderbird email client

If you applied the jit work-around fix you'll have to manually undo it as that setting won't change just because you updated Firefox. ;)
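
The workaround steps in the first post and the reminder above that the setting survives an update can be checked from a profile's prefs.js. This is an added example, not part of the original thread: the function names, status strings and sample file are assumptions made for illustration, and only the 3.5 and 3.5.1 version facts come from the thread.

```python
import re

PREF = "javascript.options.jit.content"
# prefs.js stores each user-changed setting as: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def read_bool_pref(prefs_text, name=PREF):
    """Return True/False if the pref is user-set to a boolean, else None.

    Only user-changed values are written to prefs.js, so None means the
    built-in default applies. If the pref appears twice, this helper
    reports the last occurrence.
    """
    value = None
    for line in prefs_text.splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) == name and m.group(2) in ("true", "false"):
            value = (m.group(2) == "true")
    return value

def version_tuple(version):
    # "3.5" -> (3, 5, 0); "3.5.1" -> (3, 5, 1). Release versions only.
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(prefs_text, firefox_version):
    """Classify a profile with respect to this one issue (hypothetical labels)."""
    jit_off = read_bool_pref(prefs_text) is False
    v = version_tuple(firefox_version)
    if v == (3, 5, 0):                      # confirmed vulnerable in the thread
        return "workaround-active" if jit_off else "exposed"
    if v >= (3, 5, 1):                      # patched release per the thread
        return "stale-workaround" if jit_off else "ok"
    return "unknown"                        # "Other versions may also be affected"

# Constructed sample of a prefs.js after applying the workaround.
SAMPLE_PREFS = """# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("javascript.options.jit.content", false);
"""

if __name__ == "__main__":
    for ver in ("3.5", "3.5.1"):
        print(ver, audit(SAMPLE_PREFS, ver))
```

A "stale-workaround" result means the JIT is still disabled on a patched build and can be restored to true via about:config.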

cloasters 26th July, 2009 02:27 AM

Pretty sure I read that 3.5.1 has a vulnerability that's serious enough, on /. Disabling JavaScript is recommended, and yes that causes PITAs.


All times are GMT +1.