Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to del.icio.us  
Mozilla works to patch Firefox flaw
Published: 2009-07-16

The Mozilla Foundation announced on Wednesday that its developers were working to a patch a serious flaw in the browser that was publicly announced the day before.

The vulnerability, in the browser's just-in-time (JIT) Javascript processor, could be used to execute code on an unsuspecting user's system. On Tuesday, security firm Secunia issued an advisory for the flaw, saying that the issue could be exploited to cause a memory corruption and execute malicious code.

On Wednesday, Mozilla published its own advisory, offering directions on how to turn off JIT processing as a temporary security measure.

"Note that disabling the JIT will result in decreased JavaScript performance and is only recommended as a temporary security measure," the organization stated in the advisory. "Once users have been received the security update containing the fix for this issue, they should restore the JIT setting to true."

Firefox 3.5, which has the flaw, is Mozilla's latest version of its popular browser. The company released the latest version of the software earlier this month, adding stronger privacy features, such as Private Browsing and a Forget this Site feature.

According to Mozilla's advisory, users can turn of just-in-time processing using the following steps:

  1. Enter about:config in the browser’s location bar.
  2. Type jit in the Filter box at the top of the config editor.
  3. Double-click the line containing javascript.options.jit.content setting the value to false.

The Mozilla Foundation is currently working on a fix for the issue.

If you have tips or insights on this topic, please contact SecurityFocus.



Posted by: Robert Lemos
    Digg this story   Add to del.icio.us  
 
Comments Mode:







 

Privacy Statement
Copyright 2009, SecurityFocus