US-CERT has warned about security vulnerability in Firefox 3.5 browser, which could allow hackers to execute the malicious code remotely.
The computer emergency readiness team stated that it is aware of the reports of vulnerability affecting Mozilla Firefox 3.5. The team said: “This vulnerability is due to an error in the way JavaScript code is processed. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. Additionally, exploit code is publicly available for this vulnerability.”
Security vulnerability intelligence company Secunia has reported the vulnerability in Mozilla Firefox 3.5. It rated the vulnerability as “highly critical” and noted that other versions of Mozilla Firefox could also be affected.
Mozilla has recognised the vulnerability and confirmed that it is working on a fix for this flaw. The company stated on its security blog: “The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious web page containing the exploit code.”
The company said that the vulnerability can be mitigated by disabling the JIT in the JavaScript engine. Mozilla also posted instructions to disable the JIT component through “about:config” in the browser’s location bar. Alternatively, users can also disable the JIT by running browser in Windows Safe Mode.
However, the company noted that disabling the JIT component would decrease the performance of JavaScript and recommended it as a temporary security measure.
Earlier this month, Microsoft has warned about security vulnerability in its Internet Explorer, which could allow hackers to access the user’s system remotely. The flaw was found in the ActiveX video control that is used in the browser to play video on computers running with Windows XP or Windows Server 2003 operating systems.
