http://www.ghacks.net A technology blog covering software, mobile phones, gadgets, security, the Internet and other relevant areas. Tue, 24 Nov 2009 23:31:44 +0000 http://wordpress.org/?v=2.8.6 en hourly 1 http://www.ghacks.net/2009/07/15/critical-security-vulnerability-in-firefox-3-5/ http://www.ghacks.net/2009/07/15/critical-security-vulnerability-in-firefox-3-5/#comments Wed, 15 Jul 2009 12:01:02 +0000 Martin http://www.ghacks.net/?p=14412 A critical security vulnerability affecting Firefox 3.5 has been discovered and published on the security portal Milw0rm entitled Firefox 3.5 Heap Spray Vulnerability. A proof of concept exploit has been provided. In short, the vulnerability can lead to remote code execution. The good news is that a security patch has already been published by Mozilla Links.

The security vulnerability can be fixed the following way. Type in about:config in the Firefox address bar and hit enter. Now filter for the term javascript.options.jit.content and double-click it afterwards to set it to false which disables the Tracemonkey JavaScript engine. This in turn could (and most likely will) reduce the JavaScript performance of the Firefox 3.5 web browser until an official security patch is provided by the Mozilla Firefox team.

The security patch is expected to be released soon by the Firefox development team. Stay tuned, we keep you updated.

Tags: firefox, firefox exploit, firefox patch, firefox vulnerability, mozilla-firefox, security patch, web browser

Related posts

• Latest Firefox Web Browser Vulnerable to 0-Day Exploit (4)
• Web Browser: Firefox 3.0.8 (13)
• Web Browser: Firefox 3.1 Beta 3 (4)
• Web Browser: Firefox 3.0.7 (5)
• Use Firefox Without A Computer Mouse (7)

]]> http://www.ghacks.net/2009/07/15/critical-security-vulnerability-in-firefox-3-5/feed/ 10 http://www.ghacks.net/2009/03/26/latest-firefox-web-browser-vulnerable-to-0-day-exploit/ http://www.ghacks.net/2009/03/26/latest-firefox-web-browser-vulnerable-to-0-day-exploit/#comments Thu, 26 Mar 2009 14:32:58 +0000 Martin http://www.ghacks.net/2009/03/26/latest-firefox-web-browser-vulnerable-to-0-day-exploit/ Dante send me a tip about a 0-day exploit that is affecting the latest versions of the popular Firefox web browser. The exploit is described as a remote memory-corruption vulnerability that is affecting Firefox running on all supported operating systems. A proof of concept has been published by the security researcher and the Mozilla team has acknowledged the existence and announced plans to rush a Firefox 3.0.8 update at the beginning of next week.

The Firefox exploit could be used to add software to the target system without the knowledge of the users. There is currently no solution to block this attack from being executed other than being very careful about the visited websites. The safest would be to switch to another web browser at least for the time until the Mozilla developers have published the update that fixes the vulnerability in the web browser or a hot fix becomes known.

The issue has already been fixed according to the bug report that was filed at the Mozilla website and is now awaiting verification.

Tags: firefox, firefox 3, firefox bu, firefox exploit, firefox security, firefox vulnerability, mozilla-firefox, web browser

Related posts

• Web Browser: Firefox 3.0.8 (13)
• Web Browser: Firefox 3.0.7 (5)
• Critical Security Vulnerability In Firefox 3.5 (10)
• Mozilla Firefox 3.0.11 Released (5)
• Firefox 3.5.3 (11)

]]> http://www.ghacks.net/2009/03/26/latest-firefox-web-browser-vulnerable-to-0-day-exploit/feed/ 4