Firefox 3.5 vulnerable to critical Javascript attack

[jon08]

Hmm, what was that all about.. is it a serious threat or what?


Taken from: http://www.macworld.com/article/141694/2009/07/firefox35_javascript.html


The following article is reprinted from the Security Alert blog at PCWorld.com.

Sample exploit code is already available online, so while there aren't yet any reports of active attacks against this new flaw, there soon could be. Such an assault would likely take the form of a poisoned Web page that uses behind-the-scenes attack code to trigger the flaw.

The Washington Post's Security Fix has posted a workaround to protect against the flaw while Mozilla prepares a patch. The temporary fix disables a new Javascript processing feature in Firefox 3.5, which Security Fix says will slow down Javascript handling but protect against this exploit. See Brian Krebs' post for instructions. Firefox 3.0 users who haven't yet upgraded shouldn't be vulnerable to this flaw, and won’t find the setting that Krebs describes.

 

[Michaelgtrusa]

This is the first I have heard.

 

[MacMini2009]

Is this only for PC's or Macs too?

 

[angelwatt]

I read about it a day or two ago from MacWorld I think. It's unclear as to whether or not Macs could be exploited using this bug. (Edit: Confirmed Mac is vulnerable to the exploit based on this bug report. A note though that the exploit is currently being exploited in-the-wild. Disabling JIT content (described below) or using a add-on like NoScript will help protect you until this is patched.)

(http://secunia.com/advisories/35798/)

The vulnerability is caused due to an error when processing JavaScript code handling e.g. "font" HTML tags and can be exploited to cause a memory corruption.

Successful exploitation allows execution of arbitrary code.

Temporary fix:

1. In a new tab/window type about:config into the location bar and hit enter.
2. Click the button "I'll be careful, I promise!"
3. In the Filter text field type in jit
4. This should leave only two entries below, double-click the one that ends with the word content.
5. This will change the value to false.
6. All set. You may notice a slow down in page rendering as this will turn off some of the new rendering techniques introduced with version 3.5.

Edit: And bam, just like that it's fixed. Be sure to update your Firefox to 3.5.1 and don't worry about the temporary fix above.

 

[clevin]

3.5.1 is on the ftp server now.

autoupdate should be on by tomorrow, you can download right now from ftp server if you can't wait.

 

[angelwatt]

3.5.1 is on the ftp server now.

autoupdate should be on by tomorrow, you can download right now from ftp server if you can't wait.

Did my link to 3.5.1 not work for you? The FTP site isn't needed to get this.

 

[clevin]

Did my link to 3.5.1 not work for you? The FTP site isn't needed to get this.

indeed

 

[angelwatt]

indeed

Indeed the link didn't work, or indeed you don't need the ftp site? I've used the link I gave from 2 computers now without issue and Firefox's update check finds it too.

 

[clevin]

Indeed the link didn't work, or indeed you don't need the ftp site? I've used the link I gave from 2 computers now without issue and Firefox's update check finds it too.

indeed you are correct and the link you provided works.