Critical security hole hits Firefox 3.5

News

Critical security hole hits Firefox 3.5

Warwick Ashford

Mozilla is working on a fix for a "highly critical" vulnerability in is Firefox browser.

The vulnerability, which puts users at risk of remote code execution attacks, affects Firefox 3.5, but other versions may also be at risk.

Mozilla said an attacker can exploit the vulnerability by luring Firefox users to a malicious web page containing the exploit code.

The security hole is due to an error in the way JavaScript code is processed, according to the US Computer Emergency Readiness Team (US-CERT).

"Exploitation of this vulnerability may allow an attacker to execute arbitrary code. Additionally, exploit code is publicly available for this vulnerability," US-CERT warned.

Proof-of-concept exploit code was posted on Milw0rm.com, an exploit code aggregation site.

US-CERT said Firefox users should disable JavaScript. The organisation has also posted instructions on other ways of mitigating the risk until a fix is released.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy