Exploit code for an unpatched, critical bug in Firefox 3.5 is floating around the Web.
Mozilla issued a warning about the vulnerability on July 14. The bug lies in Firefox 3.5’s just-in-time (JIT) JavaScript compiler, known as TraceMonkey, and can be exploited by attackers to execute arbitrary code with the privileges of the user running the browser.
“The vulnerability is caused due to an error when processing JavaScript code handling e.g. ‘font’ HTML tags and can be exploited to cause a memory corruption,” according to an advisory by security vendor Secunia.
Sample exploit code has already been posted to milw0rm. An attacker who can lure a user to a page hosting the exploit code can compromise that user’s machine through a drive-by download; rendering the page is enough, with no further interaction required.
Mozilla said in its advisory that developers are working on a fix and that an update will be pushed out as soon as it is ready. In the meantime, workaround information is available from a number of sources. Mozilla suggests that users consider disabling the JIT in the JavaScript engine and provides instructions for doing so in that advisory. US-CERT is likewise advising users to disable TraceMonkey, which is that JIT compiler.
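The Mozilla workaround referenced above comes down to one preference: javascript.options.jit.content set to false, either by hand in about:config or, so that it survives restarts, in the profile’s user.js. The shell script below is an added example, not code from the article, from Mozilla or from US-CERT. It writes that preference into a Firefox profile’s user.js without duplicating it on repeated runs and offers a check that the setting is present. The profile location under ~/.mozilla/firefox is the Linux default and is an assumption here; Windows and macOS keep profiles elsewhere.

```shell
#!/bin/sh
# Added example (not from the original article): persist the Mozilla-recommended
# JIT-disable preference in a Firefox 3.5 profile's user.js.
# Assumption: PREF_LINE uses the user_pref() syntax Firefox reads from user.js.
PREF_NAME='javascript.options.jit.content'
PREF_LINE='user_pref("javascript.options.jit.content", false);'

# disable_jit_in_profile PROFILE_DIR
# Drops any earlier line that sets the pref, appends the false setting once,
# and returns 0 when user.js now contains it.
disable_jit_in_profile() {
    profile_dir="$1"
    user_js="$profile_dir/user.js"
    [ -d "$profile_dir" ] || { echo "no such profile dir: $profile_dir" >&2; return 1; }
    if [ -f "$user_js" ]; then
        # grep -v exits 1 when nothing is left, so tolerate that and keep going.
        grep -vF "\"$PREF_NAME\"" "$user_js" > "$user_js.tmp" || :
        mv "$user_js.tmp" "$user_js"
    fi
    printf '%s\n' "$PREF_LINE" >> "$user_js"
    grep -qF "$PREF_LINE" "$user_js"
}

# jit_disabled PROFILE_DIR -> 0 if user.js pins the pref to false
jit_disabled() {
    grep -qF "$PREF_LINE" "$1/user.js" 2>/dev/null
}

# With --all, process every profile under the Linux default location
# (assumed path). Firefox reads user.js only at startup, so restart it afterwards.
if [ "${1:-}" = "--all" ]; then
    for d in "$HOME"/.mozilla/firefox/*/; do
        [ -f "$d/prefs.js" ] && disable_jit_in_profile "$d"
    done
fi
```

Two caveats for anyone applying this: turning the JIT off makes JavaScript-heavy pages noticeably slower, and because user.js is re-applied on every start, the line has to be removed again once Mozilla ships the fix, otherwise the browser stays in the degraded mode indefinitely.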