Security flaw found in Firefox 3.5
Internet users surfing with the latest version of Firefox risk compromising their systems because the alternative web browser contains a "highly critical" vulnerability.
Issuing the alert, security experts at Secunia said the vulnerability in the 3.5 version of Mozilla's showpiece was due to an error in the way JavaScript code is processed.
The currently 'unpatched' security hole, which may affect other versions of Firefox, puts users at risk from memory corruption and remote code execution attacks.
There is no evidence yet that the vulnerability has been exploited, although exploit code has been found online, said the US Computer Emergency Readiness Team (CERT).
CERT recommended that users avoid clicking on untrusted websites or links and disable the just-in-time (JIT) compiler in the JavaScript engine by setting "javascript.options.jit.content" to "false" via about:config.
The Mozilla Foundation, which released the affected software on June 30, endorsed the advice as a way for users to reduce the risk of exploitation until it tests and issues a fix.
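One way to confirm the workaround described above is actually in place on a machine, as an added example (not code from Mozilla, CERT or this article): it reads each Firefox profile's prefs.js and user.js and reports whether the preference is explicitly set to false. The function names, the profile directory layout passed in and the sample profiles are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

PREF = "javascript.options.jit.content"  # preference named in the advisory
# Matches active lines such as: user_pref("javascript.options.jit.content", false);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def read_pref(path, name=PREF):
    """Return the last value assigned to `name` in a prefs file, or None."""
    try:
        text = Path(path).read_text(encoding="utf-8", errors="replace")
    except OSError:
        return None  # file missing or unreadable
    value = None
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) == name:
            value = m.group(2)  # a later line overrides an earlier one
    return value

def jit_mitigated(profile_dir):
    """True only if the profile explicitly sets the JIT preference to false.

    user.js is read after prefs.js, so its value wins when both files set it.
    A profile that never sets the preference counts as not mitigated
    (assumption: the JIT is on by default in the affected release).
    """
    effective = None
    for fname in ("prefs.js", "user.js"):
        value = read_pref(Path(profile_dir) / fname)
        if value is not None:
            effective = value
    return effective == "false"

def audit(profiles_root):
    """Map each profile directory name under profiles_root to True/False."""
    return {p.name: jit_mitigated(p)
            for p in sorted(Path(profiles_root).iterdir()) if p.is_dir()}

if __name__ == "__main__":
    # Constructed sample profiles, written to a temporary directory.
    with tempfile.TemporaryDirectory() as root:
        for name, line in [("abc.default", f'user_pref("{PREF}", false);\n'),
                           ("xyz.work", '// no JIT preference set\n')]:
            (Path(root) / name).mkdir()
            (Path(root) / name / "prefs.js").write_text(line)
        for name, ok in audit(root).items():
            print(f"{name}: {'JIT disabled' if ok else 'JIT still enabled'}")
```

A profile where user.js re-enables the preference is reported as not mitigated even when prefs.js sets it to false, which is the case a one-off about:config change can miss.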
"The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code.
"The vulnerability can be mitigated by disabling the JIT in the JavaScript engine," the foundation said, adding that a security update to patch the problem would be issued soon.


