Patch is in the works, exploit code and Metasploit attack module are released
The race is on: Mozilla is scrambling to finish a patch for a now-public bug in its Firefox 3.5 browser, while exploit code is circulating and Metasploit has released a new module for the attack.
The vulnerability, which was initially discovered by Mozilla last week in the Firefox 3.5 Just-in-Time (JIT) JavaScript compiler, is considered "critical" in that it can be used to execute malicious code, according to Mozilla. A researcher posted his attack code on mil0rm on Monday. The flaw lets an attacker infect the machine of a victim duped into visiting a malicious Web page.
Disabling JIT in the JavaScript engine is one way to protect against such an attack, but that's only a temporary solution because without JIT, Firefox's performance decreases, Mozilla warned in its blog. Another option is to run Firefox in Safe Mode, which disables the JIT, or to use the NoScript add-on for Firefox.
Here's how to disable JIT in JavaScript, according to Mozilla:
1. Enter about:configin the browser's location bar.
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024