I am a strong advocate for FireFox and suggest it's use over Internet Explorer when ever I get a chance. It just goes to show that nothing is perfect. A Critical JavaScript Vulnerability in the newly released web browser was announced last week. The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code. What is the chance of an individual being affected by this vulnerability? How does this vulnerability affect Linux/OS-X users compared to Windows users? Good questions. There are steps that one can take to protect one's self:

  • One can install the No Script Addon - Probably the easiest solution.
  • One can start Firefox in Safe Mode - A little bit harder. Windows users can select "Mozilla Firefox (Safe Mode), Linux users can type "firefox -safe-mode" in a Terminal window. In the Safe Mode Window will need to select the "Disable All Add-Ons" and press the "Continue in Safe Mode" button.
  • One can disable JIT in the JavaScript Engine - The most difficult solution.

The fix has been slated for FireFox 3.5.1 originally scheduled to be released the end of July. Due to the critical nature of this bug, the release has been moved up.

Update: The new version has been released and can be installed from Mozilla's download site or by selecting "Check for Updates" in the Help menu.

Tags: firefox, vulnerability

No feedback yet