Proof-of-concept exploit code was posted Monday on Milw0rm.com, an exploit code aggregation site, so it's likely that the vulnerability is being actively exploited.
To do this:
about:config in the browser's location bar.
jit in the Filter box at the top of the config editor.
3) Double-click the line containing
Secunia, a computer security company based in Denmark, rates the vulnerability "highly critical" and notes that older versions of Firefox may be affected as well.
F-Secure, a computer security company based in Finland, said in a blog post that its Exploit Shield security software blocks the exploit.
In an interview on Monday about a bug in Google's Chrome browser, Robert "RSnake" Hansen, CEO of SecTheory, a computer security consulting firm, criticized Firefox's security process as being less rigorous than Microsoft's. "For the most part, it's just a bunch of random dudes who are contributing to it," he said.
Nevertheless, Hansen said that Firefox, rather than Internet Explorer, was his browser of choice because it was better for hacking.
Johnathan Nightingale, whose business card says "human shield" -- he manages the front-end team for Firefox and security issues -- says he's proud of the work Mozilla does and that he can't compare Mozilla's efforts to Microsoft's because Microsoft's security process isn't open.
He notes that Mozilla devotes significant resources to security and that the company's security team has been growing. He welcomes those who want to contribute to Mozilla to make it more secure.
Black Hat is like no other security conference. It happens in Las Vegas, July 25-30. Find out more and register.