Mozilla released Firefox 3.5 on 30th June 2009, and claimed that it contains more improved features than the previous version, supporting new web technologies, improving performance and ease of use. On July 9, Firefox user “zbyte” submitted an error report to Mozilla’s bug tracking system. According to the report, the browser crashes when text is typed into an input box in the site apport.ru instead of fetching the search result.
It is found that the security flaw lies in the Firefox’s Just-In-Time (JIT) Javascript compiler. Due to the vulnerability, the JIT compiler could become corrupt when a user lands on a tainted web page and paves way for an attacker to insert a malicious code on the user’s computer.
Initially, Firefox advised its users to turn off Javascript or use Noscript add-on. Another simple solution was to set “javascript.options.jit.content” to false in the configuration page which can be opened by typing about:config in the address bar.
Finally, Mozilla has come up with a permanent solution by releasing a new version of Firefox 3.5.1 which fixes the critical security vulnerability. Just upgrade your browser to the newer version to safeguard it from Javascript vulnerability. Don’t forget to enable your Javascript after updating your browser to the 3.5.1 version. Another issue that was making Firefox take a long time to load some Windows systems was fixed in the new version.