Mozilla warns of critical Firefox JavaScript vulnerability

Attackers could exploit the flaw by tricking a user into viewing a website with the malicious code.

Mozilla warned Tuesday that a critical flaw in its new Firefox 3.5 browser could be used to execute malicious code.

The vulnerability is in Firefox 3.5's Just-in-time (JIT) JavaScript compiler, Mozilla reported on its security blog. The flaw, which was disclosed Monday, can be exploited by an attacker who dupes a user into viewing a webpage with the malicious code, according to Mozilla.

Danish vulnerability clearinghouse Secunia rated the vulnerability highly critical in its security advisory.

Mozilla is working on a fix for the flaw, but said it can be mitigated by disabling JIT in the JavaScript engine and provided instructions in its blog post. "Note that disabling the JIT will result in decreased JavaScript performance and is only recommended as a temporary security measure," the organization noted.

Dig deeper on Web Browser Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close