Mozilla Released Updates for Firefox Version 3.5

Mozilla, an open source organization, released the first collection of updates on July 21, 2009 for Firefox 3.5 released in early July 2009.

The new version of Firefox 3.5.1 patched 22 security related issues and a number of stability issues. These issues also include one critical flaw that leads to corruption of JIT (Just-In-Time) compiler state. This results in an exploitable corruption issue that might enable hackers to execute a malicious code such as malware, said Mozilla.

The open source organization has given credit of separating the problematic script from original crashing site to Nochum Sossonko and Lucas Kruijswijk. Users who have not installed Firefox 3.5.1 are not required to look for security patch or update as they are immune to any vulnerability arising from malware attacks through the same flaw in JIT.

Meanwhile, Mozilla has denied accepting the fact that the bug breaks down Firefox 3.5 is a security flaw. In a blog post, Mike Shaver, Vice President of Engineering, Mozilla, said that the flaw was originally found on the milw0rm hacker site and it was not a flaw, as reported by ComputerWorld on July 20, 2009.

He further added that the reports from press and various security agencies had wrongly called it as an exploitable bug. They did a systematic research on the issue and reached a conclusion that it was not a flaw. Besides, they did not see any incidence of its exploitation.

Moreover, attackers could not exploit the vulnerability by infusing malicious code on users' machines. However, the flaw could damage Mac, Linux, Windows and various editions of Firefox if it ran on the still-unfinished Windows 7.

According to Mozilla, the crashing of Firefox on Macs was primarily due to flaw in Apple's operating system particularly the ATSUI system library. Vladimir Vukicevic, Mozilla developer, countered that Apple was unlikely to fix the problem although they reported the issue to Apple. But in case Apple does not release a fix, then they will try to implement mitigations in Mozilla code, said Shaver.

Related article: Mozilla Rules Out Bug in Its Firefox

» SPAMfighter News - 8/10/2009