Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Highly Critical JavaScript vulnerability in Firefox 3.5


14 Jul 2009   #1

Windows® 7 Ultimate x64 SP1
 
 
Highly Critical JavaScript vulnerability in Firefox 3.5

Critical JavaScript vulnerability in Firefox 3.5

07.14.09 - 10:15am
Issue
A bug discovered last week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly yesterday. It is a critical vulnerability that can be used to execute malicious code.
Impact
The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code. The vulnerability can be mitigated by disabling the JIT in the JavaScript engine. To do so:
  1. Enter about:config in the browser’s location bar.
  2. Type jit in the Filter box at the top of the config editor.
  3. Double-click the line containing javascript.options.jit.content setting the value to false.
Note that disabling the JIT will result in decreased JavaScript performance and is only recommended as a temporary security measure. Once users have been received the security update containing the fix for this issue, they should restore the JIT setting to true by:
  1. Enter about:config in the browser’s location bar.
  2. Type jit in the Filter box at the top of the config editor.
  3. Double-click the line containing javascript.options.jit.content setting the value to true.
Alternatively, users can disable the JIT by running Firefox in Safe Mode. Windows users can do so by selecting Mozilla Firefox (Safe Mode) from the Mozilla Firefox folder.




Attached Images
 
My System SpecsSystem Spec
.

15 Jul 2009   #2

Windows® 7 Ultimate x64 SP1
 
 
If you don't mind a few bugs install the Nightly build

For those that don't mind a few bugs here & there you can also use the newest Nightly build Minefield v3.6a1pre which has this issue FIXED!

So you see they are already on top of this & will add this fix to 3.5 shortly for Public release!~
You can download that here... Index of /pub/mozilla.org ... est-trunk/

I just switched to the Nightly build "Minefield" 3.6 & it's really fast! No bugs I can report...
If you use this addon Nightly Tester Tools you can still use all your favorite extensions & themes too!
Just click the Override All Compatibility button (screeny) & it's fixed! So far everything works fine...man it's fast!

You can download the Nightly Tester Tools addon here---> https://addons.mozilla.org/en-US/firefox/addon/6543


Attached Thumbnails
Highly Critical JavaScript vulnerability in Firefox 3.5-nightly-tester-tools-override-all-compatibility.jpg  
My System SpecsSystem Spec
15 Jul 2009   #3

Windows 7 Pro & Vista Home Premium
 
 

Nice catch MUff1N

Thanks for the link also.
My System SpecsSystem Spec
.


17 Jul 2009   #4

Windows® 7 Ultimate x64 SP1
 
 
As I said, fixed by the end of the week!

As I said they more than likely by the end of the week would have Firefox patched & they have!
So if you're still using 3.5 go get the updated patched version now! Mozilla | Firefox web browser & Thunderbird email client

If you applied the jit work-around fix you'll have to manually undo it as that setting won't change just because you updated Firefox.
My System SpecsSystem Spec
Reply

 Highly Critical JavaScript vulnerability in Firefox 3.5




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 11:23 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33