Tag Archives | unpatched

New Unpatched Firefox Flaw

There is a new unpatched memory corruption flaw in the latest version of Firefox.  What this means is that hackers could drop malware onto vulnerable systems.

Chances are this will be fixed sooner, rather than later – here is a little more about the story from The Register:

Security notification firm Secunia reports that the security bug (which it describes as extremely critical) stems from errors in handling JavaScript code. The flaw has been confirmed in the latest 3.5 version of Firefox, released in late June.

Older versions of the popular alternative browser might also be affected, Secunia warns.

Exploit code has been uploaded onto recently revived security exploit website milw0rm, a factor that could hasten the development of more attack code.

Secunia advises Firefox users to avoid browsing untrusted websites or following untrusted links pending the availability of a fix from Mozilla (there’s nothing in the pipeline just yet).

Best advice I can give to you is to browse safely, don’t go to web sites you don’t trust, and be sure to keep your security programs up to date.

UPDATE:

Found this via Mashable:

Until Mozilla addresses this vulnerability, here’s a temporary fix: Type about:config in Firefox address bar, and set “javascript.options.jit.content” to “false.”

So there is your fix for now.  Thanks to everybody who sent this in!

UPDATE #2:

This problem was fixed in Firefox 3.5.1, so the above hack from Mashable is no longer needed.  To check for updates, be sure to go to Help > “Check for Updates…” in Firefox.