Wednesday, July 15, 2009

Unpatched Vulnerability in Firefox 3.5

An unpatched vulnerability has been found in Firefox 3.5. The vulnerability exists in the Just-in-time (JIT) JavaScript compiler and can be used to execute malicious code. To exploit the vulnerability, an attacker has to trick a user into opening a specially crafted web page containing the exploit code.

Mozilla offers two methods to work around the problem until a patch is available:
1) Temporarily disable the javascript.options.jit.content setting in about:config (set it to false).
2) Windows users can disable JIT by running Firefox in safe mode. This can be done by selecting Mozilla Firefox (Safe Mode) from the Mozilla Firefox folder.

A third method would be to disable JavaScript by default by using the NoScript add-on for Firefox.
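For administrators who need to apply the first workaround to several profiles at once, the script below is an added example (not from Mozilla or the original post) that pins javascript.options.jit.content to false through each profile's user.js and reports the resulting value. It assumes a Unix-like system where the profiles directory is passed as an argument (usually ~/.mozilla/firefox on Linux); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pin the JIT workaround pref in every Firefox profile.
# user.js is read at startup and overrides prefs.js, so the change
# takes effect the next time Firefox is started.
PREF='javascript.options.jit.content'
PREF_RE='javascript\.options\.jit\.content'   # same name, dots escaped for regex

# Print the value a profile will use: user.js first, then prefs.js,
# or "default" when neither file sets the pref.
jit_pref_value() {
    for f in "$1/user.js" "$1/prefs.js"; do
        [ -f "$f" ] || continue
        v=$(sed -n "s/^[[:space:]]*user_pref(\"$PREF_RE\",[[:space:]]*\\([a-z]*\\));.*/\\1/p" "$f" | tail -n 1)
        if [ -n "$v" ]; then echo "$v"; return 0; fi
    done
    echo default
}

# Write user_pref(..., false) into the profile's user.js, replacing any
# earlier line for the same pref so repeated runs do not pile up entries.
disable_jit() {
    userjs="$1/user.js"
    if [ -f "$userjs" ]; then
        grep -v "user_pref(\"$PREF_RE\"" "$userjs" > "$userjs.tmp" || true
    else
        : > "$userjs.tmp"
    fi
    printf 'user_pref("%s", false);\n' "$PREF" >> "$userjs.tmp"
    mv "$userjs.tmp" "$userjs"
}

# Apply the workaround to every profile under the given directory.
# A subdirectory counts as a profile only if it contains prefs.js.
harden_profiles() {
    for p in "$1"/*/; do
        [ -f "${p}prefs.js" ] || continue
        disable_jit "${p%/}"
        printf '%s: %s=%s\n' "${p%/}" "$PREF" "$(jit_pref_value "${p%/}")"
    done
}

# Usage: sh disable-jit.sh ~/.mozilla/firefox
if [ $# -gt 0 ]; then
    harden_profiles "$1"
fi
```

Because user.js is re-applied on every start, remove the added line once the patched Firefox release is installed, otherwise the JIT stays disabled.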

More information:
http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/
http://isc.sans.org/diary.html?storyid=6796
http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761
