Mozilla Firefox 3.5 'TraceMonkey' Component Remote Code Execution Vulnerability

Mozilla Firefox 3.5 'TraceMonkey' Component Remote Code Execution Vulnerability

Mozilla Firefox is prone to a remote code-execution vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.

The issue affects Firefox 3.5; other versions may also be vulnerable.

NOTE: Remote code execution was confirmed in Firefox 3.5 running on Microsoft Windows XP SP2. A crash was observed in Firefox 3.5 on Windows XP SP3.

UPDATE (July 15, 2009): Remote code execution is also possible in Firefox 3.5 running on Apple Mac OS X.