Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Stopgap Fix for Critical Firefox 3.5 Security Hole

  1. #1
    MrMBerman's Avatar
    MrMBerman is offline Senior Member
    Join Date
    Mar 2009
    Location
    Tel Aviv / London / Bukidnon
    Posts
    340

    Default Stopgap Fix for Critical Firefox 3.5 Security Hole

    Instructions showing hackers how to exploit an unpatched, critical security hole in Mozilla's new Firefox 3.5 Web browser have been posted online. So, until Mozilla can ship an update to quash this bug, Security Fix is posting instructions to help readers protect themselves from this vulnerability.

    The security hole has to do with a flaw in the way Firefox 3.5 handles Javascript, a powerful programming language heavily used on popular Web sites. Specifically, the vulnerability was introduced with the addition of the Tracemonkey, a new feature in 3.5 that is designed to dramatically speed up the rendering of Javascript.



    Vulnerability watcher Secunia rates this flaw "highly critical," noting that it is the type of flaw that criminals could use to remotely install rogue software, merely by convincing users to visit a hacked or booby-trapped Web site.

    Fortunately, there is a relatively easy fix for this that can be reversed once Mozilla issues a patch. To disable the vulnerable component, open up a new Firefox window and type "about:config" (without the quotes) in the browser's address bar. In the "filter" box, type "jit" and you should see a setting called "javascript.options.jit.content". You should notice that beside that setting it reads "true," meaning the setting is enabled. If you just double-click on that setting, it should disable it, changing the option to "false." That's it.

    Note that making this change will slow down Javascript rendering in Firefox 3.5 to 3.0 speeds, but that may be a worthwhile trade-off for readers concerned about the availability of exploit code for this flaw.

  2. #2
    leofelix is offline Member
    Join Date
    Oct 2008
    Location
    Italy
    Posts
    1,668

    Default

    Many thanks marcEmarc,
    I was aware of this security issue.
    I use "no script" add on and I surf only trusted webpage, so I hope to be protected enough

  3. #3
    seti is offline Member
    Join Date
    Nov 2008
    Posts
    1,923

    Default

    Thanks for a very useful and informative posting

  4. #4
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default

    hi !

    THANKS !

    fixed it...

    ---------- Post added at 04:13 PM ---------- Previous post was at 03:58 PM ----------

    hi !

    after doing some searching, i found the information on secunia´s page:
    Mozilla Firefox Memory Corruption Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com

    marcEmarc: it´s always nice to post a link to the source...

  5. #5
    MrMBerman's Avatar
    MrMBerman is offline Senior Member
    Join Date
    Mar 2009
    Location
    Tel Aviv / London / Bukidnon
    Posts
    340

    Default

    I would normally post a link to the source but the hyperlink option was not working here is the original article Security Fix - Stopgap Fix for Critical Firefox 3.5 Security Hole

  6. #6
    leofelix is offline Member
    Join Date
    Oct 2008
    Location
    Italy
    Posts
    1,668

    Default Firefox 3.5.1 available

    FF 3.5.1 available

    ftp://ftp.mozilla.org/pub/mozilla.or...s/3.5.1/win32/

    choose your language
    Last edited by leofelix; 16th July 2009 at 21:19.

  7. #7
    roraniel's Avatar
    roraniel is offline Gold Member
    Join Date
    Oct 2008
    Location
    Pinehurst, NC
    Posts
    860

    Default

    Fixed.

    On a side note my latest Secunia Scan shows that IE8 is insecure with no updates available. Anyone have details on that situation?

  8. #8
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default

    hi !

    leofelix: "FF 3.5.1 available

    ftp://ftp.mozilla.org/pub/mozilla.or...s/3.5.1/win32/

    choose your language"

    DON´T do that !

    i couldn´t find 3.5.1 on the main page, so i decided to have a look at why it wasn´t there...

    first read what the index.html-file ftp://ftp.mozilla.org/pub/mozilla.or...-US/index.html

    in the ftp-folder says:

    "Firefox 3.5.1 is coming soon!

    Thanks for your interest in the upcoming release of Firefox 3.5.1, but there's still a bit more left to do before we're ready. We're asking for our users and fans to be patient and wait until it appears on the official Firefox website before downloading."

    it´s NOT available yet....
    Last edited by hackerman1; 16th July 2009 at 23:01.

  9. #9
    knightrider™'s Avatar
    knightrider™ is offline Gold Member
    Join Date
    Jul 2008
    Location
    India
    Posts
    754

    Default

    Fix the bug by downloading the update firefox 3.5.1 check here

  10. #10
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default

    hi !

    knightrider: may i suggest that you read the 2 previous posts above (by leofelix & myself) ?

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22