Mozilla Pushes Firefox 3.51 Update To Fix Zero Day Flaw

Mozilla has released Firefox 3.51, which is a security update for its just-released open source browser and fixes a weakness in the browser's Just in time Javascript compiler.

According to the browser's developers, hackers could have used this flaw to run malicious code on the user's computer, a process known as Remote Code Execution.

The vulnerability was found just days after the browser was released end of June but Mozilla decided against making it public until the beginning of the week. A patch was generated within 48 hours.

SCMagazine revealed that the vulnerability arises when the browser "processes JavaScript code to handle HTML font tags" which cause a memory corruption bufer overflow. The exploit is based on the Metasploit framework.

Mozilla also incorporated a number of stability props in this update which will also solve an issue that "was making Firefox take a long time to load on some Windows systems". A total of 22 bugs have been ironed out with this version.

As usual, users are strongly urged to download and install the latest browser. However, disabling the Just-In-Time compiler should solve the issue which affects all platforms.

and join more than 1700 other followers.

Our Comments

Neither Mozilla nor any other projects of this site are immune to vulnerabilities. It is to Mozilla's credit that they managed to push out a patch that quickly. For those interested, Firefox has a nightly build which is basically the latest version of the browser; a bit raw but it gives you an idea of what is in store.

Related Links

Firefox 3.5.1 Update Now Available

Firefox releases update to fix severe vulnerability

Firefox 3.5.1 fixes critical security flaw

Mozilla plugs Firefox web browser security hole

Firefox 3.5.1 Fixes JavaScript JIT Vulnerability

Mozilla fixes Firefox zero-day vulnerability