Thursday, July 16, 2009

Mozilla Firefox Memory Corruption Vulnerability

Secunia Logo
Secunia security site has issued an advisory notice that Firefox has a security vulnerability. It affects Firefox 3.5 and i regarded a highly critical. Apparently, it is caused by a Javascript error when dealing with <font> tags and can lead to memory corruption and alow a malicious peron to compromise a user's system.

Solution:
Set "javascript.options.jit.content" to "false" by opening about:config.

Do not browse untrusted websites or follow untrusted links.

Provided and/or discovered by:
SBerry (Simon Berry-Byrne)

Changelog:
2009-07-15: Updated "Solution" section with temporary workaround information. Added vendor link to the "Original Advisory" section. Added US-CERT link to the "Other References" section.

Original Advisory:
SBerry:
http://milw0rm.com/exploits/9137

Mozilla:
http://blog.mozilla.com/security/2009...vascript-vulnerability-in-firefox-35/

Other References:
US-CERT VU#443060:
http://www.kb.cert.org/vuls/id/443060

Visit http://secunia.com/advisories/35798/ for more details and useful information on security threats in general.

Reblog this post [with Zemanta]

How do you like the sound of some bagpipes?

Lately, I have been attempting to do some 'spring cleaning' of my files. I know, Spring is long gone and we are in the middle of sum...