Firefox 3.5's First Vulnerability "Self-Inflicted"

Posted by CmdrTaco on Thursday July 16, 2009 @02:25AM from the that-sounds-all-emo dept.

CWmike writes "Mozilla has confirmed the first security vulnerability in Firefox 3.5, saying that the bug could be used to hijack a machine running the company's newest browser. A noted Firefox contributor called the situation 'self-inflicted' and said it was likely that the hacker who posted public exploit code Monday became aware of the flaw by rooting through Bugzilla, Mozilla's bug- and change-tracking database. The vulnerability is in the TraceMonkey JavaScript engine that debuted with Firefox 3.5, said Mozilla. '[It] can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code,' Mozilla's security blog reported Tuesday."

2 of 156 comments (clear)

Min score:

Reason:

Sort:

Re:Nice test for the open source community by fedxone-v86 · 2009-07-16 02:49 · Score: 5, Informative

If you had read the bugzilla thread (I know, I know) you'd know it's already fixed ;)

--
(USER WAS PUT ON PROBATION FOR THIS POST)
Temporary fix by AdmiralXyz · 2009-07-16 02:58 · Score: 5, Informative

According to TFA, the temporary fix is to disable TraceMonkey (JavaScript will still work). Set 'javascript.options.jit.content' in about:config to false until the patch is released.

--
Dislike the Electoral College? Lobby your state to join the National Popular Vote Interstate Compact.