TweakTown
Tech content trusted by users in North America and around the world
5,917 Reviews & Articles | 38,127 News Posts

Zero-Day exploit found in FireFox JIT compiler

Drive by attacks possible

| Internet Browsers News | Posted: Jul 15, 2009 5:39 pm

Wow the specter of JavaScript rears its ugly head at FireFox. In what has to be an "egg on the face" moment for the popular IE alternative; a zero-day flaw in the JIT JavaScript compiler has been found and proof of concept code shown.

 

This is the same type of hole that allowed Safari and OSX to be "pwned" at the Pwn 2 Own competition. A user simply has to browse to a compromised site (say through an e-mail link) and the code can be executed. The new JIT compiler is part of TraceMonkey a new optimization for FireFox 3.5.

 

While there is no fix for this yet, the workaround is to disable JavaScript or to install something like NoScript. NoScript prevents untrusted sites from executing scripts. You can find it in the Plug-ins pane in FireFox just search for NoScript and install.

 

This is a great example of how security can be inadvertently compromised for in return for speed improvements.

Zero-Day exploit found in FireFox JIT compiler

 

Related Tags

Further Reading: Read and find more Internet Browsers news at our Internet Browsers news index page.

Do you get our news RSS feed? Get It!

Post a Comment about this news

Latest Tech News Posts

View More News Posts

TweakTown Web Poll

Question: Facebook's acquisition of Oculus VR will...

Improve Oculus Rift Development

Hamper Oculus Rift Development

Completely destroy Oculus Rift Development

Let's wait and see, I'm not sure

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases