Firefox 3.5 vulnerable to critical Javascript attack

A critical flaw in the way Firefox 3.5 handles Javascript opens the door to a serious attack

Erik Larkin (PC World (US online))
15 July, 2009 04:47
Comments

A critical flaw in the way Firefox 3.5 handles Javascript opens the door to a serious attack, according to Secunia, which tracks security vulnerabilities.

Sample exploit code is already available online, so while there aren't yet any reports of active attacks against this new flaw, there soon could be. Such an assault would likely take the form of a poisoned Web page that uses behind-the-scenes attack code to trigger the flaw.

The Washington Post's Security Fix has posted a workaround to protect against the flaw while Mozilla prepares a patch. The temporary fix disables a new Javascript processing feature in Firefox 3.5, which Security Fix says will slow down Javascript handling but protect against this exploit. See Brian Krebs' post for instructions. Firefox 3.0 users who haven't yet upgraded shouldn't be vulnerable to this flaw, and won't find the setting that Krebs describes.

Nominations for the 2012 ARN IT Industry Awards open on Tuesday, June 12.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email ARN
Follow ARN on twitter

More about: Mozilla

References show all

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"i need to seen a lates..sumsung galaxy2"

First look: Samsung Galaxy S III
"why am i being railroaded into Facebook. how disappointing. I have been ..."

Spotify tunes into Australia
"Dear Sir, We are very nice to introduce you ourselves. Now we ..."

Telstra and Navman Wireless extend GPS tracking partnership
"Should I REFINANCE a construction loan to a permanent loan OR convert ..."

World’s eyes on Aussie NBN: Conroy
"It's an remarkable paragraph in support of all the online visitors; they ..."

iPhone 5 rumour rollup for the week ending May 27

Tags: firefox 3.5, javascript, security

Most Read

Get exclusive access to ARN's news, research and invitation only events.

Latest Jobs

CCSAP FICO ConsultantNT
CCOBIEE ConsultantWA
FTQM Trainer and ConsultantNSW
FTChange Management ProfessionalsNSW
FTIT Account Manager - System Integrator - Career Progression - Start ImmediatelyNSW
FTSales Account ManagerNSW
FTSAP Basis ConsultantACT
FTSAP Basis ConsultantNSW
FTSales Account ManagerNSW
CCSAP PM ConsultantNSW
CCAPAC Campaign ManagerNSW

Most Commented

ARN Distributor Directory

Find distributors by name | vendor | location

Channel Deals

/deals/avg/2009-09-18_71_become-an-avg-reseller

AVG (AU/NZ) Pty Ltd

Become an AVG Reseller and Make Serious Money!

More details »

ARN Vendor Directory

Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Featured Resources

Spectra Logic and Australian National University Success Story - March 2012

Australian National University (ANU) located in Canberra, and ranked as one of the top universities in Australia, recently deployed two Spectra Logic T950 enterprise tape libraries at the heart of its 9.5 petabyte tape-based active archive to support ANU’s high performance private data cloud storage solution. The cloud-based storage installation with Spectra’s tape-based active archive allows ANU to efficiently support its exponential data growth, accelerate access to its research data, and improve overall data reliability.

Most Popular Resource Papers

Market Potential-Strategy Guide to the Active Archive Market

The active archive market is a growing segment where tape is seen as part of a disk or network fileystem. This means that to an end user disk and tape are “blended” and whether file is held on disk or tape is “invisible” to the end user. The active archive market is the fastest growing space in the storage industry and allows direct end user access to tape through a file system front end.

Popular tags: Business Management, Security, Data Centre, Storage, Master Data Management