Firefox releases update to fix severe vulnerability

Share this article:
Firefox late Thursday released an update to its web browser to resolve a major JavaScript vulnerability.

Firefox version 3.5.1 fixes the "critical" flaw, revealed Tuesday by vulnerability tracking firm Secunia and which arises when the browser processes JavaScript code to handle HTML font tags. An exploit could cause a memory corruption buffer overflow, leading to the installation of malware on a compromised system.

Soon after the flaw was disclosed, an exploit based on the Metasploit framework began circulating in the wild, the SANS Internet Storm Center said Tuesday in a blog post.

If the patch cannot be applied immediately, users still running version 3.5 and below can apply a workaround for the vulnerability by disabling the Just-in-Time compiler, used to increase the runtime performance of Java, according to a Mozilla advisory.

More than 20 other minor bugs also were fixed in the update, according to Mozilla. It can be downloaded here.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.