Breaking News: Firefox 3.5 vulnerable to JavaScript exploit

This is not good. 😯

A zero-day exploit affecting Firefox 3.5 is on the loose and Mozilla doesn’t have a fix. To make matters worse, the exploit is leveraging a JavaScript vulnerability. Simon Berry-Byrne of Secunia explains:

The vulnerability is caused due to an error when processing JavaScript code handling e.g. “font” HTML tags and can be exploited to cause a memory corruption.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 3.5. Other versions may also be affected.

Experts recommend

In situations like this, security experts recommend that JavaScript be disabled until Mozilla comes up with a patch. That works, but then almost every Web site visited will be broken, as most Web sites use JavaScript.

My fix

I’d like to suggest a different approach: a simple, lightweight application that allows you to decide whether you want JavaScript to run or not. The application is called NoScript. I explain NoScript and other security add-ons in the article Firefox: Some security tips.

Final thoughts

It appears (unconfirmed) that the exploit is a variant of Milw0rm and could be serious. Be especially careful when you visit unfamiliar Web sites.

via Firefox 3.5 vulnerable to JavaScript exploit – Examiner.

I will be running Google Chrome until it is fixed. Hopefully something comes up soon.

2 Replies to “Breaking News: Firefox 3.5 vulnerable to JavaScript exploit”

  1. No Script, the Mozilla add-on, works great! Been using it for two years. I don’t allow Google spyware, Ad serve, etc. etc. to run anymore. Yet I can give each trusted website permanent permission.

    I control JavaScript, not the other way around. Keeps the spyware and autoloaders off too!
