Firefox 3.5.1 Patches JavaScript Vulnerability
Mozilla has fixed a severe JavaScript vulnerability in Firefox.
"Firefox version 3.5.1 fixes the critical flaw, revealed… by vulnerability tracking firm Secunia and which arises when the browser processes JavaScript code to handle HTML font tags," writes SC Magazine's Dan Kaplan. "An exploit could cause a memory corruption buffer overflow, leading to the installation of malware on a compromised system."
"The flaw is in the Just-in-Time (JIT) compiler for JavaScript (the source of the browser's claimed JavaScript performance improvements), which can be put into the corrupt state," notes PC Mag's Larry Seltzer.