Firefox releases update to fix severe vulnerability

Share this article:
Firefox late Thursday released an update to its web browser to resolve a major JavaScript vulnerability.

Firefox version 3.5.1 fixes the "critical" flaw, revealed Tuesday by vulnerability tracking firm Secunia and which arises when the browser processes JavaScript code to handle HTML font tags. An exploit could cause a memory corruption buffer overflow, leading to the installation of malware on a compromised system.

Soon after the flaw was disclosed, an exploit based on the Metasploit framework began circulating in the wild, the SANS Internet Storm Center said Tuesday in a blog post.

If the patch cannot be applied immediately, users still running version 3.5 and below can apply a workaround for the vulnerability by disabling the Just-in-Time compiler, used to increase the runtime performance of Java, according to a Mozilla advisory.

More than 20 other minor bugs also were fixed in the update, according to Mozilla. It can be downloaded here.
Share this article:

Sign up to our newsletters

More in News

Latest Citadel trick allows RDP access after malware's removal

Latest Citadel trick allows RDP access after malware's ...

Trusteer, an IBM company, said the new Citadel configuration was detected this month.

Cryptoblocker variant emerges, encryption differs from CryptoLocker

Trend Micro has detected a variant of CryptoLocker in the wild that relies on the advanced encryption standard.

Jimmy John's sandwich chain investigating possible breach

Some financial institutions have indicated that credit cards recently used at Jimmy John's locations have been used to make fraudulent purchases.