Mozilla releases patch for Java Script Vulnerability

Posted on July 17, 2009. Filed under: Computer, News, Security, Softwares, Web, Windows/7 | Tags: , , , , , |


    A bug discovered earlier this week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly by S.Berry on milw0rm. Just after three days worth of testing later, Mozilla has pushed out Firefox 3.5.1, with a fix for this error as well as corrections for several other bugs.

    “ Firefox user zbyte reported a crash that we determined could result in an exploitable memory corruption problem. In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. This could be exploited by an attacker to run arbitrary code such as installing malware.”

    The vulnerability was introduced in TraceMonkey, the JavaScript engine used in Firefox 3.5 that actually offers a decent speed boost to the browser. Oddly enough, TraceMonkey was already set to be patched this month by Mozilla, as bugs in the newest engine were listed in a July 1 meeting as the sole topcrash issue for Firefox 3.5. In other words, while vulnerabilities like this are horrible, this one came at a perfect time as developers were already giving TraceMonkey a thorough cleaning.


  • Super Speed new
    View Web pages way faster, using less of your computer’s memory.
  • Anti-Phishing & Anti-Malware improved
    Enjoy the most advanced protection against online bad guys.
  • Session Restore improved
    Unexpected shutdown? Go back to exactly where you left off.
  • One-Click Bookmarking
    Bookmark, search and organize Web sites quickly and easily.
  • Easy Customization improved
    Thousands of add-ons give you the freedom to make your browser your own.
  • Tabs improved
    Do more at once with tabs you can organize with the drag of a mouse.
  • Instant Web Site ID
    Avoid online scams, unsafe transactions and forgeries with simple site identity.

      I strongly recommend that all firefox 3.5 users upgrade to this latest release. If you already have Firefox 3.5, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu. You can download Firefox 3.5.1 from official Mozilla site.

Download Firefox 3.5.1


One Response to “Mozilla releases patch for Java Script Vulnerability”

RSS Feed for AKS-Feel The Change! Comments RSS Feed

[…]     Currently there is no patch for this vulnerability In addition, this vulnerability was discovered by the same person who published details on the previously patched flaw. […]

Comments are closed.

Liked it here?
Why not try sites on the blogroll...

%d bloggers like this: