News Firefox 3.5 suffers critical JS flaw

http://www.bit-tech.net/news/bits/2009/07/16/firefox-3-5-suffers-critical-js-flaw/1

A flaw in the just-in-time compiler introduced in Firefox 3.5's new JavaScript engine can lead to code execution, with Mozilla calling the un-patched hole "critical."

 

Running 3,5 but not using that manny diffrent sites so as long there is a fix within a reasonable timespan, I won't be worried.

 

I'm still on 3.0.11 because not all of my addons work with 3.5. Now I feel even better about it

 

LOL I just upgraded yesterday. How does the "flaw" affect Vista with its UAC?



Ctrl + Shift + Pr0n for the win

 

Simple work around using about:config, but it look likes tracemonkey is still being a naughty sod. I wonder if you have to be running an admin level account, for the remote software to install?

 

yeah vista uac would catch this I would think.. thanks for the heads up though- running the 3.5 guinea pig

 

There are malware packages that attempt to gain admin level access, by trying to crack the admin account's password, which in many cases may be very weak.

 

I'm still using 2.x on some of my computers because 3.x can be a performance and reliability pig.

Also I just LOVE how every install of Firefox is a crapshoot as to whether it will delete some or all of my myriad bookmarks.

 

yep.. actually if your like alot of people on pre-builts they put the password unencrypted in the registry- and they disable the uac anyways

the overflow should set off the uac though- I'm just guessing and not willing to try it- maybe after this weeks backup and they have no patch lol

 

glad I use both IE and Firefox ..always have the freedom to use one or the other!

 

It runs at whatever level you're logged in as so if you're running a restricted user account then you should recieve minimal damage.

xmarks FTW.

Or alternatively, you have double the number if infection vectors to worry about...

FF + Noscript + xmarks = tehwin IMO

 

I use NoScript anyway. It's a genius little addon.

 

NoScript and Adblock, coupled with Spybot's immunisation and SpywareBlaster's magic stuff, basically make Firefox an impenetrable fortress. The only way my computer's getting infected is if I let it get infected.

 

Greetings!

3.5.1 will be released tomorrow to fix this.
http://www.ghacks.net/2009/07/16/firefox-3-5-1-update-available/

 

I just installed the 3.5.1 update, was a 1.8MB download.

Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 (.NET CLR 3.5.30729)

 

Your using UAC? rofl

It probably has no idea whats going on inside firefox, just that it allowed FF to run...

 

Greetings!

3.5.1 is now available through the auto update.

 

This is hilarious.

ALL HAIL IE8!!!!!!!!!!!!!!

 

Before people start touting x is more secure the same vulnerability has been proven to crash safari, kill the process in ie8 and just makes chrome lockup.

 

Yeah but you have to have a little fun every now and then.