Firefox 3.5 vulnerable to critical Javascript attack

A critical flaw in the way Firefox 3.5 handles Javascript reportedly opens the door to a serious attack.

Share

A critical flaw in the way Firefox 3.5 handles Javascript reportedly opens the door to a serious attack.

That is according to Secunia, which tracks security vulnerabilities.

Sample exploit code is already available online, so while there aren't yet any reports of active attacks against this new flaw, there soon could be. Such an assault would likely take the form of a poisoned web page that uses behind-the-scenes attack code to trigger the flaw.

The Washington Post's Security Fix has posted a workaround to protect against the flaw while Mozilla prepares a patch. The temporary fix disables a new Javascript processing feature in Firefox 3.5, which Security Fix says will slow down Javascript handling but protect against this exploit.

See Brian Krebs' post for instructions.

Firefox 3.0 users who haven't yet upgraded should not be vulnerable to this flaw, it is said, and will not find the setting that Krebs describes.

"Recommended For You"

Mozilla issues fix for critical Firefox flaw Firefox 3 patched by Mozilla