Firefox 3.5 vulnerable to critical Javascript attack
- 15 July, 2009 04:47
- Comments
A critical flaw in the way Firefox 3.5 handles Javascript opens the door to a serious attack, according to Secunia, which tracks security vulnerabilities.
Sample exploit code is already available online, so while there aren't yet any reports of active attacks against this new flaw, there soon could be. Such an assault would likely take the form of a poisoned Web page that uses behind-the-scenes attack code to trigger the flaw.
The Washington Post's Security Fix has posted a workaround to protect against the flaw while Mozilla prepares a patch. The temporary fix disables a new Javascript processing feature in Firefox 3.5, which Security Fix says will slow down Javascript handling but protect against this exploit. See Brian Krebs' post for instructions. Firefox 3.0 users who haven't yet upgraded shouldn't be vulnerable to this flaw, and won't find the setting that Krebs describes.
Come socialise with us! Facebook | LinkedIn
- Bookmark this page
- Share this article
- Got more on this story? Email ARN
- Follow ARN on twitter
- In Search of the Long-Term Archiving Solution —Tape Continues to Be a Major Player
- Aberdeen Group: Building Business Resilience Through Active Archive
- Spectra Logic and Australian National University Success Story - March 2012
- In Search of the Long-Term Archiving Solution —Tape Delivers Significant TCO Advantage over Disk
- Premier Media Group Fast Study
-
Facebook scammers host Trojan horse extensions on the Chrome Web Store
-
Webroot: Growth in security
-
Sice quits Acronis, joins Staples
-
Sice quits Acronis, joins Staples
-
Conroy to receive secret filter forum report
Get exclusive access to ARN's news, research and invitation only events. 
Comments
Post new comment