
Critical Vulnerability Reported In Firefox 3.5

By Joseph F. Kovar, CRN July 14, 2009
Security vulnerability intelligence company Secunia on Tuesday reported the finding of a critical bug in Mozilla's Firefox 3.5 browser that could be exploited to compromise a user's system.

Secunia classified the bug as highly critical and warned that malicious people could exploit it to execute arbitrary code and take over other users' systems.

Secunia's report on the exploit can be read by clicking here.

"The vulnerability is caused due to an error when processing JavaScript code handling e.g. 'font' HTML tags and can be exploited to cause a memory corruption," Secunia warned.

Secunia said the original advisory was reported on the Milw0rm website, and can be read by clicking here.

The vulnerability has so far been confirmed in Firefox 3.5, but Secunia said it may also affect other versions of the browser. Mozilla on Tuesday confirmed the vulnerability, and said that it can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code.

Mozilla said the vulnerability can be mitigated by disabling the just-in-time (JIT) compiler in the JavaScript engine, and offered code to do so. Users can also disable the JIT by running Firefox in Safe Mode.

However, disabling the JIT is only a temporary measure, as such an action will cut JavaScript performance.

Mozilla said its developers are working on a fix for the vulnerability and will release a Firefox security update once the fix is ready.
