Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Mozilla Developers Work on Security Fix for New Firefox 3.5 Vulnerability

Software company 'Mozilla' announced on July 15, 2009 that its security specialists were developing a security fix that would patch a potentially severe vulnerability, which was publicly declared on July 14, 2009, as reported by SecurityFocus on July 16, 2009.

The vulnerability, related to memory corruption, exists in the most recent edition of the Firefox browser (i.e. Firefox 3.5) issued during late June 2009. The exploit could enable hackers to plant malicious code on affected computers.

Meanwhile, Secunia, the security notification company, describes the bug as 'highly critical' and says that it arises from faults while using JavaScript code. The bug is placed in Firefox's JIT (just-in-time) JavaScript, Secunia reports. The company also states that besides the new edition, previous editions of the widely used browser could be affected.

Hence, Secunia recommends that Firefox users stay away from browsing unreliable websites or clicking on similar web-links till Mozilla releases a fix, as the company apprehends that exploitable malware could be dropped on users' systems.

On July 15, 2009, Mozilla released a security advisory, providing the steps for disabling the JIT feature that could serve as a tentative measure for Firefox's security.

The advisory, however, drew users' notice to the fact that turning off JIT would lead to reduced JavaScript performance but it was only a tentative measure of security. Nonetheless, once the security patch became available, they could enable their JIT.

The time when an un-patched security flaw appeared within Firefox could hardly be worse, as it corresponds with Microsoft's confirmation on July 13, 2009 about a second yet-to-be-patched ActiveX vulnerability affecting the Internet Explorer browser.

Understandably, of the two vulnerabilities affecting Internet Explorer, only one would possibly have a fix within Microsoft's monthly update as part of its Patch Tuesday cycle. Thus, selecting Firefox currently, in place of IE while both the browsers contain unresolved flaws does not make sense. Consequently, Windows users would have to search for an alternative surfing application that is sufficiently secure with the selection restricting to only Google Chrome, Safari and Opera.

Related article: Mozilla Rules Out Bug in Its Firefox

» SPAMfighter News - 8/6/2009

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next