Temporary fix for Firefox 3.5 JavaScript vulnerability
Use this trick to temporarily patch a JavaScript vulnerability on Firefox 3.5.
Firefox 3.5 is great, particularly for its performance. The new JIT Compiler that ships with Firefox 3.5 makes executing JavaScript code a snap and is a main contributor to the performance improvements you see on Firefox 3.5.
Unfortunately, the JIT Compiler that shipped with Firefox 3.5 has a bug which can be exploited by a hacker to execute code that you are not supposed to.
Of course, Mozilla is working on this bug and is planning to issue a patch within the next 2 weeks.
In the mean time, if you are concerned and wanted to make sure your computer is not compromised you can make this simple settings change to close the back door temporarily.
Launch Firefox 3.5 browser and type-in “about:config” on the Address Bar and press Enter.
Click thru the “I’ll be careful, I promise!” button on the Warranty page.
On the Filter Box type-in “jit“. Firefox will filter the entries down to “javascript.options.jit.content“.
Double click on “javascript.options.jit.content” to change the value to “false“.
Restart the browser and the JIT Compiler is less exploitable now.
Remember this trick is not the final fix for this issue as this trick makes the JIT Compiler perform a lot slower and that’s not acceptable for the claim of Firefox 3.5 being super fast.
July 16th, 2009 at 2:20 pm
Make sure to undo this change when the patch gets released. It is important that you undo this change otherwise, there might not be much to lose but you'll certainly won't reap the benefit of the super-fast JavaScript engine that's on Firefox 3.5.