|
Firefox 3.5.1 fixes critical security problem
|
|
The following comments relate to this news article:
article published on 17 July, 2009
Mozilla Corp. has released Firefox v3.5.1 to address a security flaw that it has described as "critical". The vulnerability lies with the software's Just-In-Time (JIT) compiler used with Javascript and it could be exploited by an attacker to run arbitrary code on a victims computer, such as malware or something similar.
Changes in Firefox 3.5.1
Several security issues.Several stability ... [ read the full article ]
Please read the original article before posting your comments.
|
Senior Member
5 product reviews
|
17. July 2009 @ 14:26 |
Link to this message
|
Yea, good thing too. Just updated my dad's laptop with it, and it's good that Mozilla keeps on top of this for us.
|
|
Advertisement
|
|
|
|
Moderator
|
17. July 2009 @ 14:48 |
Link to this message
|
Didn't know there was a problem. Fired up the PC this afternoon and Firefox automatically updated to 3.5.1. Thought it was a bit odd to see an update as had only updated to 3.5 a little while ago.
Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W
Network ~ DD-WRT ~ 2node WDS-WPA2/AES ~ Buffalo WHR-G54S. 3node WPA2/AES ~ WRT54GS v6 (inc. WEP BSSID), WRT54G v2, WRT54G2 v1. *** Forum Rules *** |
Senior Member
2 product reviews
|
17. July 2009 @ 20:22 |
Link to this message
|
It's great to see Mozilla staying on top of things, as well as all those that play with it's source code to find, report and fix such flaws. :)
|
|
cousinkix
Inactive
|
19. July 2009 @ 01:22 |
Link to this message
|
|
I don't think that they are finished yet. The "flash got" download manager plugin drove my Avast anti-virus program crazy. I had to uninstall the damned thing...
|
Junior Member
|
19. July 2009 @ 17:32 |
Link to this message
|
wouldnt that be third party?
my firefox hasnt updated itself yet. ive just clicked on help > about mozilla firefox and it still says v3.0.11 - any reason why mine hasnt found the update yet? is it official or just a beta version?
|
Moderator
|
19. July 2009 @ 17:38 |
Link to this message
|
Originally posted by sandeep14:
my firefox hasnt updated itself yet. ive just clicked on help > about mozilla firefox and it still says v3.0.11 - any reason why mine hasnt found the update yet? is it official or just a beta version?
I've had that in the past where Firefox gets amnesia. Just install the latest version manually ~ http://en-gb.www.mozilla.com/en-GB
Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W
Network ~ DD-WRT ~ 2node WDS-WPA2/AES ~ Buffalo WHR-G54S. 3node WPA2/AES ~ WRT54GS v6 (inc. WEP BSSID), WRT54G v2, WRT54G2 v1. *** Forum Rules ***
This message has been edited since posting. Last time this message was edited on 19. July 2009 @ 17:38
|
Junior Member
|
20. July 2009 @ 07:32 |
Link to this message
|
|
just checked both my laptop and pc and both have forgotten to find the update. maybe i'll wait another week and if it doesnt automatically find the update i'll do it manually.
Sandeep
|
Junior Member
|
20. July 2009 @ 07:36 |
Link to this message
|
|
actually, just downlaoded it now.
Sandeep
|
|
wazzat
Junior Member
|
23. July 2009 @ 14:50 |
Link to this message
|
Here's a short bit from Winsecrets, adding this to enlighten everyone.
Unpatched hole in Firefox 3.5.1 browser
Normally, whenever you hear "unpatched" and "browser exploit" in the same sentence, you think of Internet Explorer. But right after Mozilla released Firefox 3.5.1 to fix holes in version 3.5 ? as described by the Mozilla Security Center ? news arrived from the SANS Internet Storm Center that a new, unpatched vulnerability in Firefox 3.5.1 could result in a denial-of-service attack.
The good news is that this exploit can't take control of your system. The bad news is that the latest version of Firefox isn't as bulletproof at it should be.
|
|
wazzat
Junior Member
|
23. July 2009 @ 14:55 |
Link to this message
|
|
After reading that Winsecrets article, it seemed prudent to hold off on the update.
|
|
wazzat
Junior Member
|
23. July 2009 @ 15:42 |
Link to this message
|
Me again- adding this after reading the July 16 Winsecrets edition. Article by Susan Bradley.
Firefox 3.5 zero-day flaw doesn't affect Win7
Normally, whenever you're unable to patch Internet Explorer, I just tell you to use Firefox. However, there's currently a zero-day vulnerability being exploited in Firefox 3.5. Several security firms were able to reproduce the problem in Vista but not in the Windows 7 release candidate.
The Mozilla Foundation's Security Blog recommends that you temporarily disable the javascript.options.jit.content setting in about.config; or, you can install and use the donationware NoScript add-on to disable JavaScript on a per-site basis. NoScript is available on the InformAction site.
If you're still running Firefox 3.0.1x, your system isn't vulnerable to this flaw. The 3.5 version has been buggy, and several sources ? including Andrew R. Hickey on Channel Web's The Channel Wire ? have even questioned whether version 3.5 was rushed out. It may be wise to wait before upgrading Firefox until the developers work out the kinks in 3.5.
|
Junior Member
|
13. August 2009 @ 07:30 |
Link to this message
|
|
keep us updated.
p.s. ive always been using NoScript.
|
|
wazzat
Junior Member
|
16. August 2009 @ 10:19 |
Link to this message
|
Just received notice Firefox 3.52 has been released. Is it safe to jump in?
|
Moderator
|
16. August 2009 @ 15:33 |
Link to this message
|
Originally posted by wazzat:
Just received notice Firefox 3.52 has been released. Is it safe to jump in?
It sure is, it's working fine here across a few machines.
Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W
Network ~ DD-WRT ~ 2node WDS-WPA2/AES ~ Buffalo WHR-G54S. 3node WPA2/AES ~ WRT54GS v6 (inc. WEP BSSID), WRT54G v2, WRT54G2 v1. *** Forum Rules ***
|
|
wazzat
Junior Member
|
16. August 2009 @ 22:03 |
Link to this message
|
|
Thanks creaky I'll try it. :)
|
|
Advertisement
|
|
|
Junior Member
|
17. August 2009 @ 09:19 |
Link to this message
|
|
oops i forgot to update this. because i noticed i too had v3.5.2 which i was pleased to see be released and auto-update so quickly.
|
