Firefox 3.5 opasnost!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

There is a critical JavaScript vulnerability in the Firefox 3.5 Web browser, Mozilla has

warned.

The zero-day flaw lies in Firefox 3.5's Just-in-time (JIT) JavaScript compiler.

Proof-of-concept code to exploit the vulnerability has been posted online by a security

research group, Mozilla said in a post on its security blog on Wednesday. Security

company Secunia rated the vulnerability as "highly critical" on Wednesday.

The hole could allow a hacker to launch a "drive-by" attack, according to Mozilla. That

means an attacker may be able to execute malicious code on a target machine, if the

victim visits a Web site containing an exploit.

No patch is currently available, but Mozilla developers are working on a fix. A

workaround suggested in the blog post is to disable the Firefox 3.5 JIT compiler.

However, Mozilla warned this would result in decreased JavaScript performance in

Firefox.

The JIT compiler is part of TraceMonkey, which was added to Firefox for its 3.5 update

released at the end of June. TraceMonkey is meant to optimise the browser, which is

faster than previous iterations of Firefox, according to Mozilla.

On Wednesday, the United States Computer Emergency Response Team said users and

administrators should completely disable JavaScript functionality in Firefox 3.5.

The Sans Institute also said people could disable JavaScript, and suggested using

NoScript, an open-source Firefox plug-in that only allows script to be executed by

trusted Web sites.

Moja greska,izvinjavam se.
Izvor informacije CNET: http://news.cnet.com/8301-1009_3-10287172-83.html?tag=contentMain;contentBody

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kada se prenosi neki tekst , clanak , bilo sta, navodi se izvor. Obavezno.
Ispravi poruku