Critical security hole hits Firefox 3.5

News

Critical security hole hits Firefox 3.5

Warwick Ashford

Mozilla is working on a fix for a "highly critical" vulnerability in is Firefox browser.

The vulnerability, which puts users at risk of remote code execution attacks, affects Firefox 3.5, but other versions may also be at risk.

Mozilla said an attacker can exploit the vulnerability by luring Firefox users to a malicious web page containing the exploit code.

The security hole is due to an error in the way JavaScript code is processed, according to the US Computer Emergency Readiness Team (US-CERT).

"Exploitation of this vulnerability may allow an attacker to execute arbitrary code. Additionally, exploit code is publicly available for this vulnerability," US-CERT warned.

Proof-of-concept exploit code was posted on Milw0rm.com, an exploit code aggregation site.

US-CERT said Firefox users should disable JavaScript. The organisation has also posted instructions on other ways of mitigating the risk until a fix is released.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy