Mozilla is warning users and administrators of a critical JavaScript flaw in its Firefox 3.5 browser.
The company said that the problem exists in the browser's JavaScript tool within a component called 'just in time' (JIT). If exploited, the vulnerability could allow an attacker to remotely execute code on a targeted system.
Mozilla further warned that a working exploit has been publically released, increasing the risk of attacks occurring in the wild.
A Firefox security alert offers instructions on how to temporarily disable the JIT component through the browser's about:config menu. Doing so will slow JavaScript performance, however.
Users can also reduce the risk of attack by running the browser in Windows Safe Mode.
The flaw is the latest in a string of high-profile browser exploits in recent days. Last week Microsoft warned of a flaw in a video ActiveX plug-in that was actively being targeted in Internet Explorer, and yesterday the company reported a second vulnerable IE component, this time an Office plug-in, that was being targeted by attackers.
See also:
Codefend could save money by catching security problems early on 14 Jul 2009
Flaw in ActiveX Control first reported in early 2008 10 Jul 2009
Microsoft has given advance warning of a number of security fixes 10 Jul 2009
Obsolete system could increase the risk of identity theft 08 Jul 2009All Bugs & Fixes Tags: Mozilla, Firefox, Javascript, Threats, Hacking, Security, Software
del.icio.us
Digg this
reddit!
