 |
|
| CURRENT SECTION :: TechZone |
The No. 1 Resource for UK IT Contractors: Comprehensive guides - Daily news IT contract jobs - Market rates - Forums - IT contractor network - Calculators |
|
 |
Internet users surfing with the latest version of Firefox risk compromising their systems because the alternative web browser contains a “highly critical” vulnerability. Issuing the alert, security experts at Secunia said the vulnerability in the 3.5 version of Mozilla’s showpiece was due to an error in the way JavaScript code is processed. The currently ‘unpatched’ security hole, which may affect other versions of Firefox, puts users at risk from memory corruption and remote code execution attacks. But there is no evidence that the vulnerability has been exploited, yet, although exploit code has been found online, said the (US) Computer Emergency Readiness Team. CERT recommended users not to click on untrusted websites or links, but to disable JavaScript by setting "javascript.options.jit.content" to "false" via about:config. The Mozilla Foundation, which released the affected software on June 30, endorsed the advice for helping users reduce the risk of exploitation until it tests and issues a fix. “The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code. “The vulnerability can be mitigated by disabling the JIT in the JavaScript engine,” the foundation said, adding that a security update to patch the problem would be issued soon. Jul 17, 2009 Email this article Printer friendly page Previous Page
|
|
|
||||||||||||||||||||||||||||
| All content © Contractor UK Limited | [Archive] | [Register for News Letter] | [Privacy Statement] | [Terms of Use] | [Top of Page] |