Danger! Firefox 3.5 Has A Highly Critical Security Flaw

As reported by the Milw0rm website, Firefox 3.5 has a serious security vulnerability (titled "Firefox 3.5 Heap Spray Vulnerability") in TraceMonkey, the new JavaScript engine developed by Mozilla. Instructions for exploiting the flaw are already available online and a patch is not yet available, so an attacker can take total control of any computer running Firefox 3.5 through remote code execution. Mozilla has confirmed the vulnerability, which lies in the way the TraceMonkey engine handles JavaScript.

Secunia, for its part, has rated this Firefox 3.5 flaw “highly critical”, as it allows an attacker to access the system remotely: “The vulnerability is caused due to an error when processing JavaScript code handling e.g. “font” HTML tags and can be exploited to cause a memory corruption. Successful exploitation allows execution of arbitrary code.” According to Secunia, this type of vulnerability could also be found in previous versions of Firefox.

The critical security flaw discovered in version 3.5 of the Firefox web browser is easy to work around in two steps that disable the TraceMonkey JavaScript engine: enter about:config in the browser address bar, then, in the advanced preferences window, set javascript.options.jit.content to false by double-clicking its entry.

Disabling the TraceMonkey JavaScript engine in Firefox 3.5 will definitely reduce page-loading performance, but it will keep your computer safe until a patch is released.
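
To confirm the workaround on a machine with several Firefox profiles, this added example (not part of the original article) reads each profile's prefs.js and user.js, which Firefox applies over prefs.js at startup, and reports whether javascript.options.jit.content is off. The function names, the sample profile names and the default of true for an unset preference are assumptions of the example.

```python
import re
import tempfile
from pathlib import Path

PREF = "javascript.options.jit.content"
# Matches e.g. user_pref("javascript.options.jit.content", false); and skips // comments.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"%s"\s*,\s*(true|false)\s*\)\s*;' % re.escape(PREF), re.MULTILINE)

def read_pref(path):
    """Return the last value assigned to PREF in a prefs file, or None if unset."""
    try:
        text = Path(path).read_text(encoding="utf-8", errors="replace")
    except OSError:
        return None
    values = PREF_RE.findall(text)
    return (values[-1] == "true") if values else None

def jit_content_enabled(profile_dir, default=True):
    """Effective value for one profile: user.js is applied over prefs.js."""
    # Assumption: the JIT counts as enabled when neither file sets the preference.
    for name in ("user.js", "prefs.js"):
        value = read_pref(Path(profile_dir) / name)
        if value is not None:
            return value
    return default

def audit(profiles_root):
    """Map each profile directory name to 'exposed' or 'mitigated'."""
    dirs = sorted(p for p in Path(profiles_root).iterdir() if p.is_dir())
    return {p.name: "exposed" if jit_content_enabled(p) else "mitigated" for p in dirs}

def make_sample_profiles():
    """Write constructed sample profiles to a temp directory and return its path."""
    off = 'user_pref("%s", false);\n' % PREF
    samples = {
        "aaaa.default": {"prefs.js": off},  # workaround applied
        "bbbb.work": {"prefs.js": 'user_pref("browser.startup.page", 3);\n'},  # unset
        "cccc.test": {"prefs.js": off, "user.js": off.replace("false", "true")},  # undone
    }
    root = Path(tempfile.mkdtemp())
    for name, files in samples.items():
        (root / name).mkdir()
        for fname, body in files.items():
            (root / name / fname).write_text(body, encoding="utf-8")
    return root

if __name__ == "__main__":
    print(audit(make_sample_profiles()))
```

Pass `audit()` the directory that holds the profile folders; a profile is reported as exposed when a user.js re-enables the preference even though prefs.js has it set to false.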


3 Responses to “Danger! Firefox 3.5 Has A Highly Critical Security Flaw”

  1. Ronicey Says:

    I typed in about:config & I did not see “javascript.options.jit.content”

    http://i118.photobucket.com/albums/o81/roniceb/aboutconfig.jpg

    The only thing close was “javascript.options.showInConsole” so I changed that from true to false.

    Are you sure we are supposed to type in “javascript.options.jit.content”?

  2. admin Says:

    You might have missed the previous entries in the list: the javascript.options.jit.content options are located in the about:config web page right before javascript.options.showInConsole.

  3. Get Firefox 3.5.1: Without Critical Security Flaws | Internet News | Free Download Windows Software Says:

    [...] previous article, there were explained the details of the highly critical security vulnerability of Firefox 3.5: “ The vulnerability is caused due to an error when processing JavaScript code handling e.g. [...]
