AfterDawn: Tech news

Firefox 3.5.1 fixes critical security problem

Written by James Delahunty (Google+) @ 17 Jul 2009 13:58 User comments (16)

Firefox 3.5.1 fixes critical security problem Mozilla Corp. has released Firefox v3.5.1 to address a security flaw that it has described as "critical". The vulnerability lies with the software's Just-In-Time (JIT) compiler used with Javascript and it could be exploited by an attacker to run arbitrary code on a victims computer, such as malware or something similar.
Changes in Firefox 3.5.1
  • Several security issues.
  • Several stability issues.
  • An issue that was making Firefox take a long time to load on some Windows systems.
You can download Firefox 3.5.1 from:
http://www.afterdawn.com/software/network_software/web_browsers/firefox.cfm

You can also get it for Linux or Mac OS X too.

Previous Next  

16 user comments

117.7.2009 14:26

Yea, good thing too. Just updated my dad's laptop with it, and it's good that Mozilla keeps on top of this for us.

217.7.2009 14:48

Didn't know there was a problem. Fired up the PC this afternoon and Firefox automatically updated to 3.5.1. Thought it was a bit odd to see an update as had only updated to 3.5 a little while ago.




Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W
Network ~ DD-WRT ~ 2node WDS-WPA2/AES ~ Buffalo WHR-G54S. 3node WPA2/AES ~ WRT54GS v6 (inc. WEP BSSID), WRT54G v2, WRT54G2 v1. *** Forum Rules ***

317.7.2009 20:22

It's great to see Mozilla staying on top of things, as well as all those that play with it's source code to find, report and fix such flaws. :)

419.7.2009 1:22
cousinkix
Inactive

I don't think that they are finished yet. The "flash got" download manager plugin drove my Avast anti-virus program crazy. I had to uninstall the damned thing...

519.7.2009 17:32

wouldnt that be third party?

my firefox hasnt updated itself yet. ive just clicked on help > about mozilla firefox and it still says v3.0.11 - any reason why mine hasnt found the update yet? is it official or just a beta version?

619.7.2009 17:38

Originally posted by sandeep14:
my firefox hasnt updated itself yet. ive just clicked on help > about mozilla firefox and it still says v3.0.11 - any reason why mine hasnt found the update yet? is it official or just a beta version?
I've had that in the past where Firefox gets amnesia. Just install the latest version manually ~ http://en-gb.www.mozilla.com/en-GB
This message has been edited since its posting. Latest edit was made on 19 Jul 2009 @ 17:38



Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W
Network ~ DD-WRT ~ 2node WDS-WPA2/AES ~ Buffalo WHR-G54S. 3node WPA2/AES ~ WRT54GS v6 (inc. WEP BSSID), WRT54G v2, WRT54G2 v1. *** Forum Rules ***

720.7.2009 7:32

just checked both my laptop and pc and both have forgotten to find the update. maybe i'll wait another week and if it doesnt automatically find the update i'll do it manually.


Sandeep

820.7.2009 7:36

actually, just downlaoded it now.


Sandeep

923.7.2009 14:50

Here's a short bit from Winsecrets, adding this to enlighten everyone.
Unpatched hole in Firefox 3.5.1 browser

Normally, whenever you hear "unpatched" and "browser exploit" in the same sentence, you think of Internet Explorer. But right after Mozilla released Firefox 3.5.1 to fix holes in version 3.5 as described by the Mozilla Security Center news arrived from the SANS Internet Storm Center that a new, unpatched vulnerability in Firefox 3.5.1 could result in a denial-of-service attack.

The good news is that this exploit can't take control of your system. The bad news is that the latest version of Firefox isn't as bulletproof at it should be.

1023.7.2009 14:55

After reading that Winsecrets article, it seemed prudent to hold off on the update.

1123.7.2009 15:42

Me again- adding this after reading the July 16 Winsecrets edition. Article by Susan Bradley.

Firefox 3.5 zero-day flaw doesn't affect Win7

Normally, whenever you're unable to patch Internet Explorer, I just tell you to use Firefox. However, there's currently a zero-day vulnerability being exploited in Firefox 3.5. Several security firms were able to reproduce the problem in Vista but not in the Windows 7 release candidate.

The Mozilla Foundation's Security Blog recommends that you temporarily disable the javascript.options.jit.content setting in about.config; or, you can install and use the donationware NoScript add-on to disable JavaScript on a per-site basis. NoScript is available on the InformAction site.

If you're still running Firefox 3.0.1x, your system isn't vulnerable to this flaw. The 3.5 version has been buggy, and several sources including Andrew R. Hickey on Channel Web's The Channel Wire have even questioned whether version 3.5 was rushed out. It may be wise to wait before upgrading Firefox until the developers work out the kinks in 3.5.

1213.8.2009 7:30

keep us updated.

p.s. ive always been using NoScript.

1316.8.2009 10:19

Just received notice Firefox 3.52 has been released. Is it safe to jump in?

1416.8.2009 15:33

Originally posted by wazzat:
Just received notice Firefox 3.52 has been released. Is it safe to jump in?
It sure is, it's working fine here across a few machines.



Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W
Network ~ DD-WRT ~ 2node WDS-WPA2/AES ~ Buffalo WHR-G54S. 3node WPA2/AES ~ WRT54GS v6 (inc. WEP BSSID), WRT54G v2, WRT54G2 v1. *** Forum Rules ***

1516.8.2009 22:03

Thanks creaky I'll try it. :)

1617.8.2009 9:19

oops i forgot to update this. because i noticed i too had v3.5.2 which i was pleased to see be released and auto-update so quickly.

Comments have been disabled for this article.

News archive