Wednesday April 16th 2014

Stopgap Fix for Critical Firefox 3.5 Security Hole


Instructions showing hackers how to exploit an unpatched, critical security hole in Mozilla’s new Firefox 3.5 Web browser have been posted online. So, until Mozilla can ship an update to quash this bug, LandoftheFreeish.com is posting instructions to help readers protect themselves from this vulnerability.

The security hole has to do with a flaw in the way Firefox 3.5 handles JavaScript, a powerful programming language heavily used on popular Web sites. Specifically, the vulnerability was introduced with the addition of TraceMonkey, a new feature in 3.5 that is designed to dramatically speed up the rendering of JavaScript.


Vulnerability watcher Secunia rates this flaw “highly critical,” noting that it is the type of flaw that criminals could use to remotely install rogue software, merely by convincing users to visit a hacked or booby-trapped Web site.

Fortunately, there is a relatively easy fix for this that can be reversed once Mozilla issues a patch. To disable the vulnerable component, open up a new Firefox window and type about:config in the browser’s address bar. In the “filter” box, type jit and you should see a setting called javascript.options.jit.content. You should notice that beside that setting it reads “true,” meaning the setting is enabled. If you just double-click on that setting, it should disable it, changing the option to “false”. That’s it.

Note that making this change will slow down JavaScript rendering in Firefox 3.5 to 3.0 speeds, but that may be a worthwhile trade-off for readers concerned about the availability of exploit code for this flaw.
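For readers who look after more than one machine, the same setting can be checked and pinned from a script instead of by hand. The Python sketch below is an added example, not part of the original post or Mozilla's code: it assumes you pass it a Firefox profile directory, reads the preference from prefs.js and user.js, and writes the override to user.js, which Firefox applies at startup. The function names and the throwaway demo profile are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

PREF = "javascript.options.jit.content"   # pref name from the article
# Matches lines such as: user_pref("javascript.options.jit.content", true);
PREF_RE = re.compile(
    r'^[ \t]*user_pref\(\s*"' + re.escape(PREF) + r'"\s*,\s*(true|false)\s*\)\s*;',
    re.MULTILINE,
)

def effective_value(profile: Path) -> bool:
    """Return the value Firefox will use: user.js wins over prefs.js; if
    neither sets the pref, the 3.5 default ("true", per the article) applies."""
    value = True
    for name in ("prefs.js", "user.js"):   # user.js is applied last at startup
        path = profile / name
        if path.exists():
            matches = PREF_RE.findall(path.read_text(encoding="utf-8"))
            if matches:
                value = matches[-1] == "true"   # last assignment in a file wins
    return value

def disable_jit(profile: Path) -> bool:
    """Pin the pref to false in user.js. Returns True if the file was changed."""
    user_js = profile / "user.js"
    text = user_js.read_text(encoding="utf-8") if user_js.exists() else ""
    line = f'user_pref("{PREF}", false);'
    if PREF_RE.search(text):
        new_text = PREF_RE.sub(line, text)      # rewrite any existing assignment
    else:
        new_text = text + ("" if text.endswith("\n") or not text else "\n") + line + "\n"
    if new_text == text:
        return False                            # already pinned, nothing to do
    user_js.write_text(new_text, encoding="utf-8")
    return True

def demo() -> tuple:
    """Run against a constructed throwaway profile, not a real one."""
    with tempfile.TemporaryDirectory() as tmp:
        profile = Path(tmp)
        (profile / "prefs.js").write_text(
            'user_pref("browser.startup.page", 1);\n'
            f'user_pref("{PREF}", true);\n', encoding="utf-8")
        before = effective_value(profile)
        changed = disable_jit(profile)
        again = disable_jit(profile)            # second run must be a no-op
        return before, changed, again, effective_value(profile)
```

Because user.js is re-applied every time Firefox starts, the change takes effect after a restart, and the line has to be removed from user.js to turn the feature back on once Mozilla ships its patch.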
