In association with heise online

15 July 2009, 16:18

Mozilla confirms critical vulnerability in Firefox 3.5

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Mozilla has acknowledged that there is a critical JavaScript vulnerability in its Firefox 3.5 web browser and has confirmed that it's currently working on an update to address the problem. As a workaround, Mozilla advises users to disable the Just-in-time (JIT) JavaScript compiler. To do so, users must first enter about:config into the browsers location bar and then set the javascript.options.jit.content setting value to "false". When making changes to the about:config settings, users will first see a warning message stating that "This might void your warranty" and that changes to the advanced settings can be harmful to the stability, security and performance of Firefox. To continue users must click a button marked "I'll be careful I promise!".

Mozilla notes that disabling the JIT compiler is only a temporary security measure and that it will result in decreased JavaScript performance. Once the update is released, users should change the value back to "true". Alternatively, users running Firefox 3.5 on Windows can run Firefox in Safe Mode, which automatically disables JIT.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit