TweakTown
Tech content trusted by users in North America and around the world
6,139 Reviews & Articles | 39,461 News Posts
Weekly Giveaway: Win an Antec Case, PSU and Cooler (Global Entry!)

Zero-Day exploit found in FireFox JIT compiler

Drive by attacks possible

| Internet Browsers News | Posted: Jul 15, 2009 5:39 pm

Wow the specter of JavaScript rears its ugly head at FireFox. In what has to be an "egg on the face" moment for the popular IE alternative; a zero-day flaw in the JIT JavaScript compiler has been found and proof of concept code shown.

 

This is the same type of hole that allowed Safari and OSX to be "pwned" at the Pwn 2 Own competition. A user simply has to browse to a compromised site (say through an e-mail link) and the code can be executed. The new JIT compiler is part of TraceMonkey a new optimization for FireFox 3.5.

 

While there is no fix for this yet, the workaround is to disable JavaScript or to install something like NoScript. NoScript prevents untrusted sites from executing scripts. You can find it in the Plug-ins pane in FireFox just search for NoScript and install.

 

This is a great example of how security can be inadvertently compromised for in return for speed improvements.

Zero-Day exploit found in FireFox JIT compiler

 

Related Tags

Further Reading: Read and find more Internet Browsers news at our Internet Browsers news index page.

Do you get our news RSS feed? Get It!

Got an opinion on this news? Post a comment below!

Latest Tech News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases