TweakTown
Tech content trusted by users in North America and around the world
5,676 Reviews & Articles | 36,074 News Posts
Weekly Giveaway: Fractal Design Arc Cases Contest (Global Entry!)

Zero-Day exploit found in FireFox JIT compiler

Drive by attacks possible

| Internet Browsers News | Posted: Jul 15, 2009 5:39 pm

Wow the specter of JavaScript rears its ugly head at FireFox. In what has to be an "egg on the face" moment for the popular IE alternative; a zero-day flaw in the JIT JavaScript compiler has been found and proof of concept code shown.

 

This is the same type of hole that allowed Safari and OSX to be "pwned" at the Pwn 2 Own competition. A user simply has to browse to a compromised site (say through an e-mail link) and the code can be executed. The new JIT compiler is part of TraceMonkey a new optimization for FireFox 3.5.

 

While there is no fix for this yet, the workaround is to disable JavaScript or to install something like NoScript. NoScript prevents untrusted sites from executing scripts. You can find it in the Plug-ins pane in FireFox just search for NoScript and install.

 

This is a great example of how security can be inadvertently compromised for in return for speed improvements.

Zero-Day exploit found in FireFox JIT compiler

 

Related Tags

Further Reading: Read and find more Internet Browsers news at our Internet Browsers news index page.

Do you get our news RSS feed? Get It!

Post a Comment about this news

Latest Tech News Posts

View More News Posts

Latest Downloads

View More Latest Downloads

TweakTown Web Poll

Question: Did EA kill the Battlefield franchise with the terrible BF4 issues?

Yes, Battlefield is doomed

No, Battlefield will live on strong

I'm not sure, but I know EA needs to improve its game

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases
Get TweakTown updates via Facebook!
Just click the "Like" button below