Mozilla warned Tuesday that a critical flaw in its new Firefox 3.5 browser could be used to execute malicious code.
The vulnerability is in Firefox 3.5's Just-in-time (JIT) JavaScript compiler, Mozilla reported on its security blog. The flaw, which was disclosed Monday, can be exploited by an attacker who dupes a user into viewing a webpage with the malicious code, according to Mozilla.
Danish vulnerability clearinghouse Secunia rated the vulnerability highly critical in its security advisory.
Mozilla is working on a fix for the flaw, but said it can be mitigated by disabling JIT in the JavaScript engine and provided instructions in its blog post. "Note that disabling the JIT will result in decreased JavaScript performance and is only recommended as a temporary security measure," the organization noted.
No comments:
Post a Comment