Firefox update addresses critical security hole

By on July 17, 2009, 12:06 PM
Mozilla has just released an updated version of its popular open source browser software to address a security vulnerability that had become the target of several attacks in recent days. Firefox 3.5.1 patches a critical flaw in the new TraceMonkey JavaScript engine’s just-in-time (JIT) compiler, which was discovered last week and publicly disclosed just three days ago.

Exploit code for the vulnerability was posted online this past Tuesday, so kudos to Mozilla for acting swiftly on what might otherwise have been a potentially nasty problem – enabling attackers to install malware on vulnerable machines. This update also appears to fix a number of other stability and security issues. Users who have turned off automatic updates can use the “Check for Updates...” feature under Help or choose the appropriate OS below to download.

If you followed our advice on how to avoid infection and disabled the JIT compiler, you might want to revert things to speed up your browser’s JavaScript performance. Just enter “about:config” in the address bar and double-click the line containing “javascript.options.jit.content”, which should change the value to “true”.

Download: Firefox 3.5.1 for Windows | Mac OS X | Other systems and languages




User Comments: 8

Got something to say? Post a comment
fastvince said:

This makes me wonder how many other security flaws are in it that they don't know about yet. This is one reason why I stopped using IE, now will FF start having the same problems ? I might go back to text only browsing !

Vrmithrax Vrmithrax, TechSpot Paladin, said:

fastvince said:

This makes me wonder how many other security flaws are in it that they don't know about yet. This is one reason why I stopped using IE, now will FF start having the same problems ? I might go back to text only browsing !

Well, considering there have only been a handful of documented security issues that are actually wholly related to FF, and not general Windows type (or java) security flaws that all browsers suffer from, I think FF is still the safer bet... Considering I've lost count of how many IE bugs, flaws, and exploits have been found and patched over the years - and, of course, how many times IE has crashed or locked up on me, compared to FF.

It always amused me when MS would come out with the "newest greatest most stable EVAR" version of IE, and then it would crash consistently trying to load the MSN page... Irony.

tengeta tengeta said:

Between Flashblock, Adblock, and me only turning on Java when I know I want it, I already do text only browsing.

As Firefox's market share continues to increase, the threats against it will as well. Problem here is that Opera sucks too much to move on to LOL.

Guest said:

This is one of the MAIN reasons as to why I love FireFox and any open source app or operating system for that matter. Measure the time frame as to how long it took for the public community to fix a security threat problem. Really quick. If this was proprietary software like MS IE I'm sure that it would take them a lot longer for them to launch an update to fix a problem. Or perhaps they would launch it later on with a total package of a service pack update for the whole OS. I only wished that some 3rd party app (especially from the graphic field) would work properly on open source OS cause only then I would be gladly to move from MS to Linux in a heart beat.

ob1kanobi said:

a little too late... it was this fault that caused my hard drive to lose its entire contents. thanks for nothing Firefox.

Next release, DON'T rush to get it out there; let firefox users decide what all they want to be part of the update.

Staff
Rick Rick, TechSpot Staff, said:

Between Flashblock, Adblock, and me only turning on Java when I know I want it, I already do text only browsing.

http://pachome1.pacific.net.sg/~kennethkwok/lynx/

captaincranky captaincranky, TechSpot Addict, said:

Between Flashblock, Adblock, and me only turning on Java when I know I want it, I already do text only browsing.

As Firefox's market share continues to increase, the threats against it will as well. Problem here is that Opera sucks too much to move on to LOL.

"No Script" already kills flash, so with that extension "Flash Block" is redundant. And you're correct, (to a certain extent) about Opera. But, only by virtue of the fact that it doesn't have the same security add-ons available that FF does.

Most users would consider text only browsing as way too bland, and for most everyday uses, impractical.

T77 T77 said:

fastvince said:

This makes me wonder how many other security flaws are in it that they don't know about yet. This is one reason why I stopped using IE, now will FF start having the same problems ? I might go back to text only browsing !

no browser is perfect,every single one out there has a flaw.

thats why there are newer versions and patches

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.