Firefox releases update to fix severe vulnerability

Share this article:
Firefox late Thursday released an update to its web browser to resolve a major JavaScript vulnerability.

Firefox version 3.5.1 fixes the "critical" flaw, revealed Tuesday by vulnerability tracking firm Secunia and which arises when the browser processes JavaScript code to handle HTML font tags. An exploit could cause a memory corruption buffer overflow, leading to the installation of malware on a compromised system.

Soon after the flaw was disclosed, an exploit based on the Metasploit framework began circulating in the wild, the SANS Internet Storm Center said Tuesday in a blog post.

If the patch cannot be applied immediately, users still running version 3.5 and below can apply a workaround for the vulnerability by disabling the Just-in-Time compiler, used to increase the runtime performance of Java, according to a Mozilla advisory.

More than 20 other minor bugs also were fixed in the update, according to Mozilla. It can be downloaded here.
Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.