Mozilla stitched a security hole in
Firefox 3.5, fixing a vulnerability in the browser after attack
code targeting the vulnerability was made public earlier this week.
With Firefox 3.5.1, Mozilla fixes a critical
flaw in the TraceMonkey JavaScript engine's JIT (just-in-time) compiler
that could be exploited to run arbitrary code. The vulnerability was reported
last week, but took on new
urgency for users when attack code for the bug became public while users
waited on a fix.
“In certain cases after a return from a native function, such as
escape(), the Just-in-Time (JIT) compiler could get into a corrupt state,”
according to Mozilla. “This could be exploited by an attacker to run arbitrary
code such as installing malware.”
If the patch cannot be deployed right
away, there is a workaround for users. Mozilla recommends users disable JIT in
the JavaScript engine and provides instructions on how to do so here.
Firefox 3.5 is the only version of the browser vulnerable to the attack, as it
is the only one with JIT.
Better than 20 other bugs were also
fixed in the update, which can be downloaded here.