Mozilla warns of critical Firefox JavaScript vulnerability


Mozilla warns of critical Firefox JavaScript vulnerability Staff

Mozilla warned Tuesday that a critical flaw in its new Firefox 3.5 browser could be used to execute malicious code.

The vulnerability is in Firefox 3.5's Just-in-time (JIT) JavaScript compiler, Mozilla reported on its security blog.

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

The flaw, which was disclosed Monday, can be exploited by an attacker who dupes a user into viewing a webpage with the malicious code, according to Mozilla.

Danish vulnerability clearinghouse Secunia rated the vulnerability highly critical in its security advisory.

Mozilla is working on a fix for the flaw, but said it can be mitigated by disabling JIT in the JavaScript engine and provided instructions in its blog post. "Note that disabling the JIT will result in decreased JavaScript performance and is only recommended as a temporary security measure," the organization noted.