Mobile/PDA About Us Advertise here


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.

Browse by topic

News

Firefox 3.5.1 fixes critical security problem

17 July 2009 13:58 by James "Dela" Delahunty | 16 comments

Mozilla Corp. has released Firefox v3.5.1 to address a security flaw that it has described as "critical". The vulnerability lies with the software's Just-In-Time (JIT) compiler used with Javascript and it could be exploited by an attacker to run arbitrary code on a victims computer, such as malware or something similar.

Changes in Firefox 3.5.1

Several security issues.
Several stability issues.
An issue that was making Firefox take a long time to load on some Windows systems.

You can download Firefox 3.5.1 from:
http://www.afterdawn.com/software/network_software/web_browsers/firefox.cfm

You can also get it for Linux or Mac OS X too.

Permalink to this article

Mozilla to warn Firefox users of outdated, insecure Adobe Flash installations (5 September 2009)

Firefox 3.6 Alpha 1 for developers, testers released (10 August 2009)

Firefox surpasses billion downloads milestone (31 July 2009)

Firefox 3.5 final coming tomorrow (29 June 2009)

Mozilla releases Firefox 3.5 Beta 4 & Firefox 3.0.10 (28 April 2009)

Firefox, Safari steal more browser market share (4 March 2009)

« Previous news article
Xbox Live download sales jump 73 percent, Nintendo boasts DS success

Next news article »
LG Display aims for 32-inch OLED production in 2012

Post your comment

Discuss this article!
blueboy09 (Newbie) 17 July 2009 14:26
Yea, good thing too. Just updated my dad's laptop with it, and it's good that Mozilla keeps on top of this for us. [ + quote]
creaky (Moderator) 17 July 2009 14:48
Didn't know there was a problem. Fired up the PC this afternoon and Firefox automatically updated to 3.5.1. Thought it was a bit odd to see an update as had only updated to 3.5 a little while ago. Forum Rules ~ http://forums.afterdawn.com/thread_view.cfm/2487 / Xbox softmodding software ~ http://forums.afterdawn.com/thread_view.cfm/557450 Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W Network ~ 2 node DD-WRT (v23 sp2) WDS over WPA2 comprising: Buffalo - 2x WHR-G54Ss. Plus 2 adhoc nodes comprising Linksys - WRT54G v5 & WRT54G v2 [ + quote]
Pop_Smith (Senior Member) 17 July 2009 20:22
It's great to see Mozilla staying on top of things, as well as all those that play with it's source code to find, report and fix such flaws. :) [ + quote]
cousinkix (Newbie) 19 July 2009 1:22
I don't think that they are finished yet. The "flash got" download manager plugin drove my Avast anti-virus program crazy. I had to uninstall the damned thing... [ + quote]
sandeep14 (Newbie) 19 July 2009 17:32
wouldnt that be third party? my firefox hasnt updated itself yet. ive just clicked on help > about mozilla firefox and it still says v3.0.11 - any reason why mine hasnt found the update yet? is it official or just a beta version? [ + quote]
creaky (Moderator) 19 July 2009 17:38
*Originally posted by sandeep14:* my firefox hasnt updated itself yet. ive just clicked on help > about mozilla firefox and it still says v3.0.11 - any reason why mine hasnt found the update yet? is it official or just a beta version? I've had that in the past where Firefox gets amnesia. Just install the latest version manually ~ http://en-gb.www.mozilla.com/en-GB Forum Rules ~ http://forums.afterdawn.com/thread_view.cfm/2487 / Xbox softmodding software ~ http://forums.afterdawn.com/thread_view.cfm/557450 Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W Network ~ 2 node DD-WRT (v23 sp2) WDS over WPA2 comprising: Buffalo - 2x WHR-G54Ss. Plus 2 adhoc nodes comprising Linksys - WRT54G v5 & WRT54G v2 [ + quote] This message has been edited since posting. Last time this message was edited on 19 July 2009 17:38
sandeep14 (Newbie) 20 July 2009 7:32
just checked both my laptop and pc and both have forgotten to find the update. maybe i'll wait another week and if it doesnt automatically find the update i'll do it manually. Sandeep [ + quote]
sandeep14 (Newbie) 20 July 2009 7:36
actually, just downlaoded it now. Sandeep [ + quote]
wazzat (Junior Member) 23 July 2009 14:50
Here's a short bit from Winsecrets, adding this to enlighten everyone. Unpatched hole in Firefox 3.5.1 browser Normally, whenever you hear "unpatched" and "browser exploit" in the same sentence, you think of Internet Explorer. But right after Mozilla released Firefox 3.5.1 to fix holes in version 3.5 � as described by the Mozilla Security Center � news arrived from the SANS Internet Storm Center that a new, unpatched vulnerability in Firefox 3.5.1 could result in a denial-of-service attack. The good news is that this exploit can't take control of your system. The bad news is that the latest version of Firefox isn't as bulletproof at it should be. [ + quote]
wazzat (Junior Member) 23 July 2009 14:55
After reading that Winsecrets article, it seemed prudent to hold off on the update. [ + quote]
wazzat (Junior Member) 23 July 2009 15:42
Me again- adding this after reading the July 16 Winsecrets edition. Article by Susan Bradley. Firefox 3.5 zero-day flaw doesn't affect Win7 Normally, whenever you're unable to patch Internet Explorer, I just tell you to use Firefox. However, there's currently a zero-day vulnerability being exploited in Firefox 3.5. Several security firms were able to reproduce the problem in Vista but not in the Windows 7 release candidate. The Mozilla Foundation's Security Blog recommends that you temporarily disable the javascript.options.jit.content setting in about.config; or, you can install and use the donationware NoScript add-on to disable JavaScript on a per-site basis. NoScript is available on the InformAction site. If you're still running Firefox 3.0.1x, your system isn't vulnerable to this flaw. The 3.5 version has been buggy, and several sources � including Andrew R. Hickey on Channel Web's The Channel Wire � have even questioned whether version 3.5 was rushed out. It may be wise to wait before upgrading Firefox until the developers work out the kinks in 3.5. [ + quote]
sandeep14 (Newbie) 13 August 2009 7:30
keep us updated. p.s. ive always been using NoScript. [ + quote]
wazzat (Junior Member) 16 August 2009 10:19
Just received notice Firefox 3.52 has been released. Is it safe to jump in? [ + quote]
creaky (Moderator) 16 August 2009 15:33
*Originally posted by wazzat:* Just received notice Firefox 3.52 has been released. Is it safe to jump in? It sure is, it's working fine here across a few machines. Forum Rules ~ http://forums.afterdawn.com/thread_view.cfm/2487 / Xbox softmodding software ~ http://forums.afterdawn.com/thread_view.cfm/557450 Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W Network ~ Network - 3 node DD-WRT (v23 sp2) comprising: Linksys WRT54GS v6 & WRT54G v2 & WRT54G v5 [ + quote]
wazzat (Junior Member) 16 August 2009 22:03
Thanks creaky I'll try it. :) [ + quote]
sandeep14 (Newbie) 17 August 2009 9:19
oops i forgot to update this. because i noticed i too had v3.5.2 which i was pleased to see be released and auto-update so quickly. [ + quote]