Mozilla has updated its Firefox browser to plug a critical security hole days after attack code for the vulnerability surfaced on the Web.
Mozilla stitched a
security hole in Firefox 3.5, fixing a vulnerability in the browser
after attack code targeting the vulnerability was made public earlier
With Firefox 3.5.1,
engine's JIT (just-in-time)
compiler that could be exploited to run arbitrary code. The vulnerability was
reported last week, but took on new
for users when attack code for the bug became public while users
waited on a fix.
"In certain cases after a
return from a native function, such as escape(), the Just-in-Time (JIT)
compiler could get into a corrupt state," according to Mozilla. "This could be
exploited by an attacker to run arbitrary code such as installing
If the patch cannot be
deployed right away, there is a workaround for users. Mozilla recommends users
. Firefox 3.5 is the only version of the browser
vulnerable to the attack, as it is the only one with JIT.
More than 20 other bugs were also fixed in the update, which is available for download.