Firefox 3.5 Vulnerability

Firefox 3.5 Vulnerability Rated 'Highly Critical'

Exploit code for a vulnerability in Firefox was posted online on Monday. Mozilla says it is working on a fix.

By Thomas Claburn
InformationWeek
July 14, 2009 06:31 PM

US-CERT on Tuesday warned about vulnerability in the new Firefox 3.5 browser that could allow a remote attacker to execute malicious code.

Proof-of-concept exploit code was posted Monday on Milw0rm.com, an exploit code aggregation site, so it’s likely that the vulnerability is being actively exploited.

The vulnerability, discovered by Simon Berry-Byrne, is related to the way Firefox 3.5 processes JavaScript code.

Here’s the link to the article for those that want to know more:
http://www.informationweek.com/news/internet/security/showArticle.jhtml?articleID=218500486

If you read the article they did mention that having the NoScript addon should protect you so I guess those that don’t use NoScript should start using it.

FF normally act pretty quickly when holes like this appear.

I dare say a fix will be available soon.

3.5.1 candidates are available here:

[url=http://ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/3.5.1-candidates/]ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/3.5.1-candidates/[/url]

Thanks for that. Strange though, that when I manually check for updates from the Help dropdown on FF, it says that no updates are available. I am using 3.5, BTW

Ahh… I see why.

There’s no update for Windows just yet, just Linux and Mac

it’s in the unsigned folder:

[url=http://ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/3.5.1-candidates/build1/unsigned/]ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/3.5.1-candidates/build1/unsigned/[/url]

Sorry, didn’t think to differentiate the builds, my bad.

A win32 folder has just appeared under the build1 folder