Saturday, July 18, 2009

Mozilla Firefox Memory Corruption Vulnerability Fixed in 3.5.1

Mozilla recently announced a bug in Firefox 3.5's Just-In-Time (JIT) compiler in which an error in its escape() function could lead the browser into a corrupt state, thereby allowing attackers to run arbitrary code such as installing malware.

Earlier versions of Firefox which does not support the JIT compiler are not affected. However, this is considered a critical vulnerability as there are already reports of an exploit code for this security flaw in the wild. Mozilla, after learning about this security issue, quickly posted a workaround solution until a fix has been provided.

Fortunately for us Firefox users, Mozilla has already released Firefox 3.5.1 to resolve this issue. PC Tools' Malware Research Team highly advises users to update to this new version ASAP.

Mozilla Firefox 3.5.1 can be downloaded here.