Firefox releases update to fix severe vulnerability

Share this article:
Firefox late Thursday released an update to its web browser to resolve a major JavaScript vulnerability.

Firefox version 3.5.1 fixes the "critical" flaw, revealed Tuesday by vulnerability tracking firm Secunia and which arises when the browser processes JavaScript code to handle HTML font tags. An exploit could cause a memory corruption buffer overflow, leading to the installation of malware on a compromised system.

Soon after the flaw was disclosed, an exploit based on the Metasploit framework began circulating in the wild, the SANS Internet Storm Center said Tuesday in a blog post.

If the patch cannot be applied immediately, users still running version 3.5 and below can apply a workaround for the vulnerability by disabling the Just-in-Time compiler, used to increase the runtime performance of Java, according to a Mozilla advisory.

More than 20 other minor bugs also were fixed in the update, according to Mozilla. It can be downloaded here.
Share this article:

Sign up to our newsletters

More in News

Russian hacker Seleznev ordered to remain in custody

Roman Seleznev's attorneys requested that the hacker be released on bond, but their pleas were rejected this past week.

Bug in iOS Instagram app fixed, impacts Facebook accounts

The vulnerability comes into play when Instagram users search for Facebook friends to "follow."

AP denied security docs on HealthCare.gov, a risk to private information

AP denied security docs on HealthCare.gov, a risk ...

The Associated Press was denied a request made under the Freedom of Information Act for documents that contain security information on HealthCare.gov.