Fri 17 Jul 2009
A Firefox Bug in the New Browser
Posted by Syd Tash under Fixes
Mozilla launched the new Firefox browser version 3.5 just recently, on June 30. It did not take long for the first bug to be found. It is in the TraceMonkey JavaScript engine that comes with the browser. An attacker could exploit it by enticing or tricking you into visiting a malicious Web site, and could then hijack your computer.
Danish security company Secunia considers the flaw “highly critical”, its second-highest ranking. Others say the problem was largely self-inflicted, since details of the bug were on the Mozilla bug and change database Web site. Mozilla claims it was already working on a fix last week, when details of the vulnerability hit the, er, … fan.
What to do? Stay with Firefox 3.0 a while longer, if you have not updated yet to 3.5. If you have, you can disable the relevant part of the TraceMonkey engine. Enter “about:config” in the address bar, enter “jit” in the filter box, and double-click “javascript.options.jit.content”. This sets it to “false”. Also, if you have the NoScript extension, it will take care of the problem for you.
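To confirm the workaround stuck, for instance across several profiles or machines, you can check the profile's preference files instead of opening about:config each time. The following is an added example, not part of the original post or of Mozilla's tooling: the function names and sample file contents are constructed for illustration, and it assumes the standard `user_pref("name", value);` line format of `prefs.js` and `user.js`.

```python
import re

# Preference named in the post's workaround.
PREF = "javascript.options.jit.content"

# Firefox stores one preference per line as: user_pref("name", value);
# Lines starting with '#' or '//' are comments and do not match this pattern.
# Limitation: /* ... */ block comments in a hand-edited user.js are not handled.
_PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def read_pref(text, name=PREF):
    """Return the last value assigned to `name` in a prefs file, or None."""
    value = None
    for line in text.splitlines():
        match = _PREF_LINE.match(line)
        if match and match.group(1) == name:
            value = match.group(2)  # later lines win, as when Firefox loads the file
    return value


def jit_workaround_applied(prefs_js="", user_js=""):
    """True only if the effective value of the JIT content pref is false.

    user.js is applied after prefs.js at startup, so it takes precedence.
    A pref missing from both files is at its default, which this check
    treats as "workaround not applied" (the post's toggle sets it to false).
    """
    effective = read_pref(user_js)
    if effective is None:
        effective = read_pref(prefs_js)
    return effective == "false"


# Constructed sample of a prefs.js after following the steps in the post.
SAMPLE_PREFS_JS = """# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("javascript.options.jit.content", false);
"""

if __name__ == "__main__":
    print("workaround applied:", jit_workaround_applied(SAMPLE_PREFS_JS))
```

Pass in the text of `prefs.js` and, if present, `user.js` from the Firefox profile directory; a `user.js` that sets the preference back to `true` will undo the about:config change at the next start, which is why it is checked first.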
