Firefox 3.5 has a critical JavaScript vulnerability

If you are using Mozilla’s latest browser, Firefox 3.5 then you may be running in risk. There seems to be a critical JavaScript vulnerability in the newly launched 3.5 version of Firefox. Mozilla’s security blog has just published this post describing the vulnerability.

The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code. You may want to disable javascript’s JIT option till the Firefox team come up with the security patch release. To disable JIT follow these steps:

1. Enter about:config in the browser’s location bar.
2. Type jit in the Filter box at the top of the config editor.
3. Double-click the line containing javascript.options.jit.content setting the value to false.

Disabling the just in time compiler of javascript can reduce the performance of the javascript heavy webpage. But atleast it will save you till the security update comes. You can enable the JIT option again by following the above steps and changing value of javascript.options.jit.content to true.

View Comments

  • Hey Brian... This will not at all effect the users of Firefox.. Firefox remains the user choice browser. The mozilla team will be working on the patch. I am also using Firefox.

  • Hey, I hope it's happening for all the entries in about:config, that's happening only when you are doing double click on it. May be this is a feature from FF.

  • FF 3.5's JIT seem to cause trouble in some areas in generally. There are several things you might HAVE to change to make your JS working in 3.5. This even affects bigger open source projects, which usually have pretty clean JS code. I decided to stay away from it for now and keep using 3.0.x.

Share
Published by
Viral Patel
Tags: Firefox javascript problem tech stories

Recent Posts

  • Java

Java URL Encoder/Decoder Example

Java URL Encoder/Decoder Example - In this tutorial we will see how to URL encode/decode…

5 years ago
  • General

How to Show Multiple Examples in OpenAPI Spec

Show Multiple Examples in OpenAPI - OpenAPI (aka Swagger) Specifications has become a defecto standard…

5 years ago
  • General

How to Run Local WordPress using Docker

Local WordPress using Docker - Running a local WordPress development environment is crucial for testing…

5 years ago
  • Java

Create and Validate JWT Token in Java using JJWT

1. JWT Token Overview JSON Web Token (JWT) is an open standard defines a compact…

5 years ago
  • Spring Boot

Spring Boot GraphQL Subscription Realtime API

GraphQL Subscription provides a great way of building real-time API. In this tutorial we will…

5 years ago
  • Spring Boot

Spring Boot DynamoDB Integration Test using Testcontainers

1. Overview Spring Boot Webflux DynamoDB Integration tests - In this tutorial we will see…

5 years ago