Firefox 3.5 Vulnerability

Firefox 3.5 Vulnerability Rated 'Highly Critical'

Exploit code for a vulnerability in Firefox was posted online on Monday. Mozilla says it is working on a fix.

By Thomas Claburn
July 14, 2009 06:31 PM

US-CERT on Tuesday warned about vulnerability in the new Firefox 3.5 browser that could allow a remote attacker to execute malicious code.

Proof-of-concept exploit code was posted Monday on, an exploit code aggregation site, so it’s likely that the vulnerability is being actively exploited.

The vulnerability, discovered by Simon Berry-Byrne, is related to the way Firefox 3.5 processes JavaScript code.

Here’s the link to the article for those that want to know more:

If you read the article they did mention that having the NoScript addon should protect you so I guess those that don’t use NoScript should start using it.

FF normally act pretty quickly when holes like this appear.

I dare say a fix will be available soon.

3.5.1 candidates are available here:


Thanks for that. Strange though, that when I manually check for updates from the Help dropdown on FF, it says that no updates are available. I am using 3.5, BTW


Ahh… I see why.

There’s no update for Windows just yet, just Linux and Mac

it’s in the unsigned folder:


Sorry, didn’t think to differentiate the builds, my bad.

A win32 folder has just appeared under the build1 folder