IT Security Blog

  • Home
  • About IT Security Blog
  • IT Security Basics
  • Real-World Issues
  • Network Security
  • News
  • Malware
  • Tips
  • Spyware

Get Your Firefox 3.5.1

20 July 2009 By Saran

firefox-logoThis is the first minor point release in the 3.5 series of Firefox. The main reason for this patch is a security flaw in the TraceMonkey JavaScript engine of the browser. We have “zbyte” to thank for the discovery of this flaw. This Firefox user reported that his browser kept on crashing each time he tried to type text in an input box on the site apport.ru. Zbyte sent this bug report in on July 9, and less than a month later, Firefox developers were able to find the reason for the bug AND send out a fix as well.

Anyhow, the TraceMonkey JavaScript engine is a huge development on Mozilla’s part. With the bug concerning the engine, however, Firefox users are left vulnerable to exploits. In fact, a malicious web site can take advantage of this bug and execute arbitrary code. The developers reacted quickly, though, with Firefox 3.5.1 as the result.

By the way, soon after the bug was fixed, news circulated that there is another bug. This is utterly believable – bugs abound anyway. In fact, researchers Berry-Byrne and Andrew Hayes discovered this bug in the “escape” function. The good news is that they strongly believe that this bug is not exploitable. That means that while those who encounter this bug just might be bugged about it (no pun intended), we are not in danger – security wise.

In any case, you might want to get the latest patch for Firefox, if you have not already.

Filed Under: Firefox

Categories

  • Backups
  • Cryptography
  • E-mail
  • Firefox
  • General
  • Google Chrome
  • IM
  • Instant Messaging
  • IT Security Basics
  • Malware
  • Network Security
  • News
  • Operating Systems
  • Physical Security
  • Privacy & Anonymity
  • Programming
  • Real-World Issues
  • Review
  • Security Policies
  • Spyware
  • Storage
  • Tips
  • Web browsers
  • Wireless Security