Critical JavaScript flaw hits Firefox 3.5

Mozilla has confirmed a critical vulnerability in its JavaScript compiler.

security key

A newly-discovered critical flaw in Firefox 3.5's JavaScript compiler could be used to execute malicious code, Mozilla developers have admitted.

According to the Mozilla security blog, the vulnerability in the Just-in-time JavaScript compiler was discovered last week - just over a week after Firefox 3.5 was made available for download. The TraceMonkey JavaScript engine has been patched once already.

"Mozilla developers are working on a fix for this issue and a Firefox security update will be sent out as soon as the fix is completed and tested," Mozilla noted on its security blog.

In the mean time, users should either run Firefox in Safe Mode or disable the compiler. Mozilla gave instructions on how to do that here, but acknowledged it would hurt JavaScript performance. The flaw can only be exploited if a Firefox user visits a web page containing malicious code.

Click here for our review of Firefox 3.5 - and here to learn more about the browser.

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021
Microsoft open sources CodeQL queries used in Solorigate inquiry
Security

Microsoft open sources CodeQL queries used in Solorigate inquiry

26 Feb 2021
CISA warns of ongoing Accellion File Transfer Appliance attacks
hacking

CISA warns of ongoing Accellion File Transfer Appliance attacks

25 Feb 2021
What is a Trojan?
Security

What is a Trojan?

25 Feb 2021

Most Popular

How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021
Npower shuts down app after hackers steal user data
hacking

Npower shuts down app after hackers steal user data

25 Feb 2021
New monitors for an agile new normal
Sponsored

New monitors for an agile new normal

19 Feb 2021