The Members Forum

Members Login
Username 
 
Password 
    Remember Me  
Post Info TOPIC: Critcal JavaScript Vulnerability Issue in Firefox 3.5


Administrator / Manager

Status: Offline
Posts: 2499
Date:
Critcal JavaScript Vulnerability Issue in Firefox 3.5
Permalink   


Yikes!

Issue

A bug discovered last week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly yesterday. It is a critical vulnerability that can be used to execute malicious code.

Impact

The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code. The vulnerability can be mitigated by disabling the JIT in the JavaScript engine. To do so:

1. Enter about:config in the browser’s location bar.
2. Type jit in the Filter box at the top of the config editor.
3. Double-click the line containing javascript.options.jit.content setting the value to false.

Note that disabling the JIT will result in decreased JavaScript performance and is only recommended as a temporary security measure. Once users have been received the security update containing the fix for this issue, they should restore the JIT setting to true by:

1. Enter about:config in the browser’s location bar.
2. Type jit in the Filter box at the top of the config editor.
3. Double-click the line containing javascript.options.jit.content setting the value to true.



JavaScript Issue in Firefox 3.5

__________________

http://www.mycomputerplayground.com
http://www.digitaldrama.net
http://www.thisrules.net


Administrator / Manager

Status: Offline
Posts: 2410
Date:
Permalink   

Hmmmm -- the hackers have discovered Firefox huh -- it was just a matter of time!!
no confuse confuse no



__________________

Vindicated th_Worm.gif



Administrator / Manager

Status: Offline
Posts: 2499
Date:
Permalink   

There is an add-on called "No Script" that does not allow Javascript to be executed from websites without the user's permission. That is what I've used ever since I've used Firefox.

No-Script

No-Script Website



-- Edited by barney on Thursday 16th of July 2009 12:31:41 AM

__________________

http://www.mycomputerplayground.com
http://www.digitaldrama.net
http://www.thisrules.net


Administrator / Manager

Status: Offline
Posts: 2410
Date:
Permalink   

NoScript sounds similar to WinPatrol.
Looks like a good program to have!



__________________

Vindicated th_Worm.gif



Administrator / Manager

Status: Offline
Posts: 2499
Date:
Permalink   

Indeed so, Vin. I highly recommend it!wink.gif

__________________

http://www.mycomputerplayground.com
http://www.digitaldrama.net
http://www.thisrules.net


Administrator / Manager

Status: Offline
Posts: 2410
Date:
RE: Critical Java Script Vulnerability Issue in Firefox 3.5
Permalink   


Comments from WinPatrol's BillP (my guru) here.



__________________

Vindicated th_Worm.gif



Manager

Status: Offline
Posts: 1130
Date:
RE: Critcal JavaScript Vulnerability Issue in Firefox 3.5
Permalink   


UpdateHERE

Alan

__________________

Where's the money, Lebowski?toilet gif



Administrator / Manager

Status: Offline
Posts: 2410
Date:
Permalink   

Gotta try Firefox one of these days!!
(So much to do -- so little time!)
biggrin biggrin biggrin biggrin
BillP's most recent blog on Firefox here.



-- Edited by Vindicated on Saturday 18th of July 2009 09:14:42 AM

__________________

Vindicated th_Worm.gif

Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse
Powered by ActiveBoard