Firefox releases update to fix severe vulnerability
Firefox late Thursday released an update to its web browser to resolve a major JavaScript vulnerability.Firefox version 3.5.1 fixes the "critical" flaw, revealed Tuesday by vulnerability tracking firm Secunia and which arises when the browser processes JavaScript code to handle HTML font tags. An exploit could cause a memory corruption buffer overflow, leading to the installation of malware on a compromised system.
Soon after the flaw was disclosed, an exploit based on the Metasploit framework began circulating in the wild, the SANS Internet Storm Center said Tuesday in a blog post.
If the patch cannot be applied immediately, users still running version 3.5 and below can apply a workaround for the vulnerability by disabling the Just-in-Time compiler, used to increase the runtime performance of Java, according to a Mozilla advisory.
More than 20 other minor bugs also were fixed in the update, according to Mozilla. It can be downloaded here.
