Critical Security Vulnerability In Firefox 3.5

Anupam · 15. Jul 2009, 04:23 PM

A critical security vulnerability has been discovered in Firefox 3.5.

Please read the below link to find out more... and also to fix the vulnerability... atleast for now, until Firefox releases a patch, which will be soon.

http://www.ghacks.net/2009/07/15/cri...n-firefox-3-5/

Anupam · 15. Jul 2009, 04:38 PM

The security vulnerability can be fixed by following this:
Type in about:config in the Firefox address bar and hit enter. Type javascript.options.jit.content in the filter box. Double-click it after finding it, to set it to false.

MidnightCowboy · 15. Jul 2009, 05:51 PM

Do you know if this is still required with NoScript installed?

Anupam · 15. Jul 2009, 07:00 PM

I was thinking the same too, but I really don't have any idea about that.

15. Jul 2009, 07:49 PM

Quote:

Originally Posted by MidnightCowboy

Do you know if this is still required with NoScript installed?

The bug is in the GreaseMonkey 'Just In Time' JavaScript compiler introduced in version 3.5. With NoScript enabled it's not an issue as no JavaScript can be executed for blocked sites. Of course, if you were to unblock a site that had malicious code attached then you'd be 'kippered.' But that's always true (more or less) anyway.

Anupam · 15. Jul 2009, 07:58 PM

Thanks for the insight rikmayell

. So, I think we should be expecting a 3.5.1 release soon from Firefox

.

15. Jul 2009, 08:15 PM

Quote:

Originally Posted by Anupam

Thanks for the insight rikmayell

. So, I think we should be expecting a 3.5.1 release soon from Firefox

.

I imagine quite a few people will be having sleepless nights until they can get 3.5.1 out of the door

MidnightCowboy · 15. Jul 2009, 11:47 PM

Thanks for the info. I only changed back to Firefox so I could use Link Extend. I do wish something similar was available for Opera. I know Opera has a good default security setup but when checking out sites for TSA links there's nothing easier than Link Extend or WOT so I'm a bit stuffed

Downloads are no problem 'coz you can integrate the Dr. Web script but it's so much easier to scan a Google page with red and green dots for the site checks.

Incidentally I made contact with a guy called Suki Takato from Lunascape who was quite chatty until I asked him questions about a security comparison, in particular their own brand surf protection which seems to have died on their website in 2007. The emails stopped coming!

Another one to write off for the time being - three engines or not!

J_L · 16. Jul 2009, 03:45 AM

Time to use SandBoxie more often.. Decreasing my browsing speed is not an option (especially with NoScript as well).

Anupam · 16. Jul 2009, 11:06 AM

I just hope Firefox does not goes the IE way of being full of security issues. That would be sad

15. Jul 2009, 04:23 PM	#1 (permalink)
Anupam Super Moderator Join Date: Jul 2008 Location: India Posts: 15,332	Critical Security Vulnerability In Firefox 3.5 A critical security vulnerability has been discovered in Firefox 3.5. Please read the below link to find out more... and also to fix the vulnerability... atleast for now, until Firefox releases a patch, which will be soon. http://www.ghacks.net/2009/07/15/cri...n-firefox-3-5/ __________________ Anupam

15. Jul 2009, 04:38 PM	#2 (permalink)
Anupam Super Moderator Join Date: Jul 2008 Location: India Posts: 15,332	The fix The security vulnerability can be fixed by following this: Type in about:config in the Firefox address bar and hit enter. Type javascript.options.jit.content in the filter box. Double-click it after finding it, to set it to false. __________________ Anupam

15. Jul 2009, 05:51 PM	#3 (permalink)
MidnightCowboy Site Manager Join Date: Aug 2008 Location: South American Banana Republic, third bunch from the left Posts: 15,306	Do you know if this is still required with NoScript installed? __________________ Buy a Hoover and prove technology sucks.

15. Jul 2009, 07:00 PM	#4 (permalink)
Anupam Super Moderator Join Date: Jul 2008 Location: India Posts: 15,332	I was thinking the same too, but I really don't have any idea about that. __________________ Anupam

15. Jul 2009, 07:58 PM	#6 (permalink)
Anupam Super Moderator Join Date: Jul 2008 Location: India Posts: 15,332	Thanks for the insight rikmayell . So, I think we should be expecting a 3.5.1 release soon from Firefox . __________________ Anupam

15. Jul 2009, 11:47 PM	#8 (permalink)
MidnightCowboy Site Manager Join Date: Aug 2008 Location: South American Banana Republic, third bunch from the left Posts: 15,306	Thanks for the info. I only changed back to Firefox so I could use Link Extend. I do wish something similar was available for Opera. I know Opera has a good default security setup but when checking out sites for TSA links there's nothing easier than Link Extend or WOT so I'm a bit stuffed Downloads are no problem 'coz you can integrate the Dr. Web script but it's so much easier to scan a Google page with red and green dots for the site checks. Incidentally I made contact with a guy called Suki Takato from Lunascape who was quite chatty until I asked him questions about a security comparison, in particular their own brand surf protection which seems to have died on their website in 2007. The emails stopped coming! Another one to write off for the time being - three engines or not! __________________ Buy a Hoover and prove technology sucks.

16. Jul 2009, 03:45 AM	#9 (permalink)
J_L Co-Author, Best Free Security List Join Date: Dec 2008 Posts: 2,003	Time to use SandBoxie more often.. Decreasing my browsing speed is not an option (especially with NoScript as well).

16. Jul 2009, 11:06 AM	#10 (permalink)
Anupam Super Moderator Join Date: Jul 2008 Location: India Posts: 15,332	I just hope Firefox does not goes the IE way of being full of security issues. That would be sad __________________ Anupam

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode