Temporary fix for Firefox 3.5 JavaScript vulnerability

By TheGeek on July 15, 2009 under Browser

Use this trick to temporarily patch a JavaScript vulnerability on Firefox 3.5.

Firefox 3.5 is great, particularly for its performance. The new JIT Compiler that ships with Firefox 3.5 makes executing JavaScript code a snap and is a main contributor to the performance improvements you see on Firefox 3.5.

Unfortunately, the JIT Compiler that shipped with Firefox 3.5 has a bug which can be exploited by a hacker to execute code that you are not supposed to.

Of course, Mozilla is working on this bug and is planning to issue a patch within the next 2 weeks.

In the mean time, if you are concerned and wanted to make sure your computer is not compromised you can make this simple settings change to close the back door temporarily.

about_config on Firefox 3.5.png

Launch Firefox 3.5 browser and type-in “about:config” on the Address Bar and press Enter.

Warranty message on Firefox 3.5.png

Click thru the “I’ll be careful, I promise!” button on the Warranty page.

JIT filter on Firefox 3.5.png

On the Filter Box type-in “jit“. Firefox will filter the entries down to “javascript.options.jit.content“.

JIT Content set to FALSE on Firefox 3.5.png

Double click on “javascript.options.jit.content” to change the value to “false“.

Restart Firefox 3.5.png

Restart the browser and the JIT Compiler is less exploitable now.

Remember this trick is not the final fix for this issue as this trick makes the JIT Compiler perform a lot slower and that’s not acceptable for the claim of Firefox 3.5 being super fast.

Related Posts with Thumbnails


Subscribe to our free RSS feed to keep up with what's happening at DemoGeek.com

At DemoGeek.com we try to explain the tech stuffs in as much detail as we can to help the not-so-tech-savvy of our friends understand and follow the tech stuffs.

Share/Save/Bookmark

Subscribe to DemoGeek.com
Speed up Firefox 3.5 startup time on Windows Nimbuzz releases iPhone and Mac client updates

This website uses IntenseDebate comments, but they are not currently loaded because either your browser doesn't support JavaScript, or they didn't load fast enough.

One comment

  1. Firefox Security
    #1

    July 16th, 2009 at 2:20 pm

    Make sure to undo this change when the patch gets released. It is important that you undo this change otherwise, there might not be much to lose but you'll certainly won't reap the benefit of the super-fast JavaScript engine that's on Firefox 3.5.

Leave a Reply





XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

2 Trackbacks/Pings

Topics

Most Commented

News

About DemoGeek.com

DemoGeek.com brings you high quality articles, tutorials and how to's on everything related to Microsoft Windows, Mac OSX, iPhone, Useful Websites, Browsers, Software and Programming.

At DemoGeek.com you'll find step-by-step explanation of the technical issues explained in detail with screenshots and screencasts. Read More...

Contact |  FUG |  Disclaimer

Creative Commons License

Canonical URL by SEO No Duplicate WordPress Plugin