Yesterday, the Mozilla Security Blog posted information on a critical JavaScript vulnerability discovered by Zbyte in the latest Firefox web browser version, 3.5.
Lucas Kruijswijk found a solution for this issue and explained how you can fix it temporarily, until you are able to download and install a future update for the web browser.
According to the blog, the bug was discovered last week in the browser’s Just-in-time (JIT) JavaScript compiler and is considered a critical vulnerability that can be used to execute malicious code. An attacker can exploit it by tricking you into viewing a malicious web page that contains the exploit code.
To fix this vulnerability, you need to follow a few simple steps and disable the Just-in-time compiler in the JavaScript engine.
First, enter “about:config” in the address bar in Firefox 3.5. You will then see the following message: “This might void your warranty! Changing these advanced settings can be harmful to the stability, security, and performance of this application. You should only continue if you are sure of what you are doing.” Just press the “I’ll be careful, I promise!” button. Now, in the Filter box, type “jit” and you will see two results under the Preference Name section on the left. Double-click “javascript.options.jit.content” and make sure the setting changes to “user set” under Status and “false” under Value. That’s it.
Another way you can disable the JIT is by running the web browser in Safe Mode.
You are now safe, but JavaScript performance is reduced, so after receiving the security update that fixes this issue you should restore the setting.
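To confirm the workaround on a profile without opening about:config, and later to find profiles where the setting still needs to be restored, the following added example (not part of the original post) reads the state of javascript.options.jit.content from a profile's prefs.js, the file where Firefox records user-set preferences as user_pref("name", value); lines. The sample file contents and the script name check_jit.py are constructed for illustration.

```python
import re
import sys

PREF = "javascript.options.jit.content"
# One user-set preference per line: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: raw value} for each user_pref() line; the last one wins."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if match:
            prefs[match.group(1)] = match.group(2)
    return prefs

def jit_status(text):
    """Classify prefs.js content with respect to the workaround."""
    value = parse_prefs(text).get(PREF)
    if value is None:
        return "not set"     # preference is not user set: workaround not applied
    if value == "false":
        return "disabled"    # workaround in place
    if value == "true":
        return "enabled"     # user set, but JIT is on
    return "unexpected"      # e.g. a quoted string instead of a boolean

# Constructed sample file contents, not taken from a real profile.
SAMPLE_MITIGATED = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://example.com/");
user_pref("javascript.options.jit.content", false);
'''
SAMPLE_UNTOUCHED = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://example.com/");
// user_pref("javascript.options.jit.content", false);
'''

if __name__ == "__main__":
    # Usage: python check_jit.py /path/to/profile/prefs.js [...]
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as handle:
            print(path, jit_status(handle.read()))
    if len(sys.argv) == 1:
        print("mitigated sample:", jit_status(SAMPLE_MITIGATED))
        print("untouched sample:", jit_status(SAMPLE_UNTOUCHED))
```

Firefox writes prefs.js when it exits, so run the check after the browser has been closed.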