
Zero-Day exploit found in Firefox JIT compiler

Drive-by attacks possible
By Sean Kalinich from Jul 15, 2009 @ 12:39 CDT

Wow, the specter of JavaScript rears its ugly head at Firefox. In what has to be an "egg on the face" moment for the popular IE alternative, a zero-day flaw in the JIT JavaScript compiler has been found and proof-of-concept code shown.


This is the same type of hole that allowed Safari and OS X to be "pwned" at the Pwn2Own competition. A user simply has to browse to a compromised site (say, through an e-mail link) and the code can be executed. The new JIT compiler is part of TraceMonkey, a new optimization for Firefox 3.5.


While there is no fix for this yet, the workaround is to disable JavaScript or to install something like NoScript. NoScript prevents untrusted sites from executing scripts. You can find it in the Plug-ins pane in Firefox; just search for NoScript and install it.


This is a great example of how security can be inadvertently compromised in return for speed improvements.
