Technology content trusted in North America and globally since 1999
8,227 Reviews & Articles | 62,343 News Posts

Zero-Day exploit found in FireFox JIT compiler

Drive by attacks possible
By: Sean Kalinich | Internet Browsers News | Posted: Jul 15, 2009 5:39 pm

Wow the specter of JavaScript rears its ugly head at FireFox. In what has to be an "egg on the face" moment for the popular IE alternative; a zero-day flaw in the JIT JavaScript compiler has been found and proof of concept code shown.


This is the same type of hole that allowed Safari and OSX to be "pwned" at the Pwn 2 Own competition. A user simply has to browse to a compromised site (say through an e-mail link) and the code can be executed. The new JIT compiler is part of TraceMonkey a new optimization for FireFox 3.5.


While there is no fix for this yet, the workaround is to disable JavaScript or to install something like NoScript. NoScript prevents untrusted sites from executing scripts. You can find it in the Plug-ins pane in FireFox just search for NoScript and install.


This is a great example of how security can be inadvertently compromised for in return for speed improvements.

Zero-Day exploit found in FireFox JIT compiler


Related Tags

Got an opinion on this news? Post a comment below!