Firefox 3.5 vulnerable to critical Javascript attack

A critical flaw in the way Firefox 3.5 handles Javascript opens the door to a serious attack

Erik Larkin (PC World (US online))
15 July, 2009 04:47
Comments

A critical flaw in the way Firefox 3.5 handles Javascript opens the door to a serious attack, according to Secunia, which tracks security vulnerabilities.

Sample exploit code is already available online, so while there aren't yet any reports of active attacks against this new flaw, there soon could be. Such an assault would likely take the form of a poisoned Web page that uses behind-the-scenes attack code to trigger the flaw.

The Washington Post's Security Fix has posted a workaround to protect against the flaw while Mozilla prepares a patch. The temporary fix disables a new Javascript processing feature in Firefox 3.5, which Security Fix says will slow down Javascript handling but protect against this exploit. See Brian Krebs' post for instructions. Firefox 3.0 users who haven't yet upgraded shouldn't be vulnerable to this flaw, and won't find the setting that Krebs describes.

Come socialise with us! Facebook | LinkedIn

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email ARN
Follow ARN on twitter

More about: Mozilla

References show all

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"Yes, I agree the Samsung tablet is a good product with some ..."

REVIEW: Is the Samsung Galaxy Tab 10.1 the new king of Android tablets?
"Has anyone seen the new "Friend Project" social network site? It copies ..."

MySpace: The next hot social network?
"It should read as Australasian owned, not Australian owned."

Datacom joins AFP, Microsoft and ninemsn to support ThinkUKnow
"the new lenovo x130e 's r alright but they blocked eveything '"

Lenovo awarded NSW DET netbook contract
"Have you any idea just about any cheap�discount�hotels in Espoo, Finland?"

Telstra-NBN Co wholesale broadband agreement “imminent”

Tags: firefox 3.5, javascript, security

Most Read

Get exclusive access to ARN's news, research and invitation only events.

Latest Jobs

Most Commented

ARN Distributor Directory

Find distributors by name | vendor | location

Channel Deals

Synnex

Lenovo February and March Hot Deal 3

More details »

ARN Vendor Directory

Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Featured Whitepapers

Premier Media Group Fast Study

A Fast Study is a succinct, easy to read Case Study. Spectra Logic aims to provide an overview of how to obtain the right solution for data archive, backup and recovery.

Most Popular Whitepapers

HiveManager Online: Less Dollars, More Sense

Today’s de facto standard controller-based Wi-Fi infrastructure model is just too complicated, too expensive, and too unreliable. It’s common for enterprise and mid-market network operators alike to get caught in a crossroads of compromises involving costs, complexity, features, and reliability.

Popular tags: Business Management, Security, Storage, Data Centre, Master Data Management

Market Place