July 17, 2009 6:08 AM PDT

Security vulnerability found in Firefox 3.5; Update: fixed with 3.5.1

by CNET staff

Font size
Print
E-mail
Share
1 comment

Security specialists, Secunia, have released a highly critical advisory regarding a vulnerability in Mozilla's latest version of its popular Web browser, Firefox.

From Secunia:

"SBerry has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error when processing JavaScript code handling e.g. "font" HTML tags and can be exploited to cause a memory corruption.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 3.5. Other versions may also be affected."

Possible solution
From Secunia:

"Solution: Set "javascript.options.jit.content" to "false" by opening about:config.
Do not browse untrusted websites or follow untrusted links."

As always, be sure to create stable backups of your data regularly. Expect to see a patch for this vulnerability in the next few days from Mozilla.

Resources
Read more about the Firefox vulnerability at Secunia's Web site.

UPDATE: A new version of Firefox (3.5.1) is available that addresses this vulnerability, and is recommended for all Firefox users.

Experiencing problems? Have feedback? Let us know!
You can now follow MacFixIt on Twitter!

Resources

Secunia's Web site

More from Late-Breakers

Topics:: News,; Troubleshooting

Tags:: Late-Breakers

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

Recent posts from MacFixIt: The OS X 10.7 buzz starts--something big in the next release?; MacFixIt Answers; Safari still crashing after update?; Safari 5.0.1 update fixes black Mail backgrounds, autofill, and more; Making the switch to Apple? Get the perfect setup; Apple releases OS X 10.6.4 update for iMacs; trackpad driver; CNET Apple Byte: iPhone to T-Mobile?; iTunes not connecting to the iTunes store after updating

Add a Comment (Log in or register)


by gvibe06 July 18, 2009 6:49 AM PDT: My Firefox went from fast to slow after the update. I'm watching "top" right now, this message is the only tab open in Firefox and I see a consistent 15-20% CPU usage. Plain old 3.5 opened up so much faster; 3.5.1 goes back to the 3.0.11 slow startup speeds.

If someone considered themselves to be in the "<b>not easy to trick</b>" category, how big of a risk is it to go back to 3.5?; Like this Reply to this comment

Navigate MacFixIt

Help
- Hardware
  - iMac,
  - Mac mini,
  - Mac Pro,
  - Macbook,
  - Xserve,
  - AirPort
- Mac OS
  - Snow Leopard,
  - Leopard,
  - Tiger,
  - Panther,
  - Jaguar,
  - Puma,
  - Cheetah,
  - OS 9
- Software
  - iTunes,
  - iPhoto,
  - iMovie,
  - iWork,
  - Backup,
  - Security,
  - Printer
Archives
- Reviews
- News
- Tutorials
- Troubleshooting
- Musings
Utilities
Forums

Ask a Question Submit a Fix

Click Here

About MacFixIt

MacFixIt is CNET's troubleshooting resource for all things Mac. The information here helps you navigate the ins-and-outs of Mac ownership with how-tos, troubleshooting information, news, reviews, and more.

Connect with MacFixIt

Add this feed to your online news reader

MacFixIt Ongoing Issues

MacFixIt Topics

Reviews & advice: Site map; Editorial policies; Meet the editors; How we test; Forums; Internet speed test

Popular topics: Apple iPhone; Apple iPod; Cell phones; CES 2010; GPS; LCD TV

CNET sites: CNET Site map; CNET TV; Downloads; News; Reviews; Shopper.com

More information: Newsletters; CNET Mobile; CNET Widgets; Customer Help Center; RSS; CNET API; About CNET

sponsored

TOP PRODUCTS FROM TOP BRANDS

© 2010 CBS Interactive. All rights reserved.
Privacy Policy
Terms of Use
Mobile User Agreement
Visit other CBS Interactive sites:

#networkSites {display:none;}BNET | CHOW | CNET.com | CNET Channel | GameSpot | International Media | mySimon | Search.com | TechRepublic | TV.com | ZDNet

Recently Viewed Products
My Lists
TechTracker
log in | join CNET