There is a critical JavaScript vulnerability in the Firefox 3.5 Web browser, Mozilla has
warned.
The zero-day flaw lies in Firefox 3.5's Just-in-time (JIT) JavaScript compiler.
Proof-of-concept code to exploit the vulnerability has been posted online by a security
research group, Mozilla said in a post on its security blog on Wednesday. Security
company Secunia rated the vulnerability as "highly critical" on Wednesday.
The hole could allow a hacker to launch a "drive-by" attack, according to Mozilla. That
means an attacker may be able to execute malicious code on a target machine, if the
victim visits a Web site containing an exploit.
No patch is currently available, but Mozilla developers are working on a fix. A
workaround suggested in the blog post is to disable the Firefox 3.5 JIT compiler.
However, Mozilla warned this would result in decreased JavaScript performance in
Firefox.
The JIT compiler is part of TraceMonkey, which was added to Firefox for its 3.5 update
released at the end of June. TraceMonkey is meant to optimise the browser, which is
faster than previous iterations of Firefox, according to Mozilla.
On Wednesday, the United States Computer Emergency Response Team said users and
administrators should completely disable JavaScript functionality in Firefox 3.5.
The Sans Institute also said people could disable JavaScript, and suggested using
NoScript, an open-source Firefox plug-in that only allows script to be executed by
trusted Web sites.
My mistake, I apologize.
Source of information, CNET: http://news.cnet.com/8301-1009_3-10287172-83.html?tag=contentMain;contentBody