Mozilla’s Firefox 3.5.1 browser is now out with fixes for one critical zero-day vulnerability that first became public earlier this week. The zero-day flaw is a vulnerability in Firefox 3.5’s Just-in-Time (JIT) JavaScript compiler. Mozilla’s security advisory describes the vulnerability as “an exploitable memory corruption problem.” Security researcher Simon Berry-Byrne publicly posted proof-of-concept exploit code […]
Mozilla’s Firefox 3.5.1 browser is now out with fixes for one critical zero-day vulnerability that first became public earlier this week.
The zero-day flaw is a vulnerability in Firefox 3.5’s Just-in-Time (JIT) JavaScript compiler. Mozilla’s security advisory describes the vulnerability as “an exploitable memory corruption problem.”
Security researcher Simon Berry-Byrne publicly posted proof-of-concept exploit code for the flaw on Tuesday, potentially enabling an attacker to execute arbitrary code. Mozilla began testing a patch for the flaw the same day with its nightly builds.
The update is the first security update for Firefox 3.5 which was released at the end of June.
Security isn’t the only issue addressed by the update. Mozilla is also tackling a sluggish startup issue for Windows users in Firefox 3.5.1. On the Mozilla bugzilla system, the bug is officially described as “very slow startup for Firefox 3.5 due to accessing IE Internet Temporary Files and Windows Temp folder.” According to the bugzilla report, the startup time for Firefox 3.5 was found to be slower than it should have been, and Firefox 3.5.1 has now been patched to resolve the issue.
All together, the Firefox 3.5.1 release patched 22 bugs, 7 of which were tagged by developers as being critical.
Among those critical bugs are a number of non-security-related crash conditions. One of them is a crash was triggered by way of certain types of search requests made by the main browser interface.
Firefox 3.5.1 does not, however, address every issue that researchers have had issues with in Firefox 3.5.
One issue that was alleged by security researcher “^3described4^3r” is that Firefox 3.5 leaks DNS (define) information. The researcher’s claim is that Firefox 3.5 incorrectly handles DNS information that shouldn’t be exposed when a user is using a proxy (define).
At this point, Mozilla doesn’t see a security issue with Firefox 3.5’s DNS handling.
“When a user manually configures a proxy and flips the remote_dns pref to route DNS requests through the proxy, we’ll do just that — no local DNS lookups,” Mozilla’s Johnathan Nightingale told InternetNews.com. “In fact, our users can turn off dns prefetch altogether with a boolean pref called ‘network.dns.disablePrefetch,’ though we hope few do, since DNS pre-fetch improves the responsiveness of normal Web browsing.”
While the zero-day JavaScript flaw is the big news in the Firefox 3.5.1 update, Mozilla had planned for the update prior to the public disclosure of the security issue. Within days of the final Firefox 3.5 release, Mozilla had stated that a Firefox 3.5.1 release would be issued in mid- to late July to fix a number of crash issues and bugs.
Article courtesy of InternetNews.com.
Ethics and Artificial Intelligence: Driving Greater Equality
FEATURE | By James Maguire,
December 16, 2020
AI vs. Machine Learning vs. Deep Learning
FEATURE | By Cynthia Harvey,
December 11, 2020
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2021
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
