Firefox 3.5.1 fixes critical security problem

Mozilla Corp. has released Firefox v3.5.1 to address a security flaw that it has described as "critical". The vulnerability lies with the software's Just-In-Time (JIT) compiler used with Javascript and it could be exploited by an attacker to run arbitrary code on a victims computer, such as malware or something similar.

Changes in Firefox 3.5.1

Several security issues.
Several stability issues.
An issue that was making Firefox take a long time to load on some Windows systems.

You can download Firefox 3.5.1 from:
https://www.afterdawn.com/software/network_software/web_browsers/firefox.cfm

You can also get it for Linux or Mac OS X too.

Written by: James Delahunty @ 17 Jul 2009 13:58

Advertisement - News comments available below the ad

16 comments

blueboy09

Yea, good thing too. Just updated my dad's laptop with it, and it's good that Mozilla keeps on top of this for us.

17.7.2009 14:26 #1

creaky

Didn't know there was a problem. Fired up the PC this afternoon and Firefox automatically updated to 3.5.1. Thought it was a bit odd to see an update as had only updated to 3.5 a little while ago.

Forum Rules ~ http://forums.afterdawn.com/thread_view.cfm/2487 / Xbox softmodding software ~ http://forums.afterdawn.com/thread_view.cfm/557450

Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W
Network ~ 2 node DD-WRT (v23 sp2) WDS over WPA2 comprising: Buffalo - 2x WHR-G54Ss. Plus 2 adhoc nodes comprising Linksys - WRT54G v5 & WRT54G v2

17.7.2009 14:48 #2

Pop_Smith

It's great to see Mozilla staying on top of things, as well as all those that play with it's source code to find, report and fix such flaws. :)

17.7.2009 20:22 #3

cousinkix

I don't think that they are finished yet. The "flash got" download manager plugin drove my Avast anti-virus program crazy. I had to uninstall the damned thing...

19.7.2009 01:22 #4

sandeep14

wouldnt that be third party?

my firefox hasnt updated itself yet. ive just clicked on help > about mozilla firefox and it still says v3.0.11 - any reason why mine hasnt found the update yet? is it official or just a beta version?

19.7.2009 17:32 #5

creaky

Originally posted by sandeep14: my firefox hasnt updated itself yet. ive just clicked on help > about mozilla firefox and it still says v3.0.11 - any reason why mine hasnt found the update yet? is it official or just a beta version? I've had that in the past where Firefox gets amnesia. Just install the latest version manually ~ http://en-gb.www.mozilla.com/en-GB

19.7.2009 17:38 #6

sandeep14

just checked both my laptop and pc and both have forgotten to find the update. maybe i'll wait another week and if it doesnt automatically find the update i'll do it manually.

Sandeep

20.7.2009 07:32 #7

sandeep14

actually, just downlaoded it now.

Sandeep

20.7.2009 07:36 #8

wazzat

Here's a short bit from Winsecrets, adding this to enlighten everyone.
Unpatched hole in Firefox 3.5.1 browser

Normally, whenever you hear "unpatched" and "browser exploit" in the same sentence, you think of Internet Explorer. But right after Mozilla released Firefox 3.5.1 to fix holes in version 3.5 � as described by the Mozilla Security Center � news arrived from the SANS Internet Storm Center that a new, unpatched vulnerability in Firefox 3.5.1 could result in a denial-of-service attack.

The good news is that this exploit can't take control of your system. The bad news is that the latest version of Firefox isn't as bulletproof at it should be.

23.7.2009 14:50 #9

wazzat

After reading that Winsecrets article, it seemed prudent to hold off on the update.

23.7.2009 14:55 #10

wazzat

Me again- adding this after reading the July 16 Winsecrets edition. Article by Susan Bradley.

Firefox 3.5 zero-day flaw doesn't affect Win7

Normally, whenever you're unable to patch Internet Explorer, I just tell you to use Firefox. However, there's currently a zero-day vulnerability being exploited in Firefox 3.5. Several security firms were able to reproduce the problem in Vista but not in the Windows 7 release candidate.

The Mozilla Foundation's Security Blog recommends that you temporarily disable the javascript.options.jit.content setting in about.config; or, you can install and use the donationware NoScript add-on to disable JavaScript on a per-site basis. NoScript is available on the InformAction site.

If you're still running Firefox 3.0.1x, your system isn't vulnerable to this flaw. The 3.5 version has been buggy, and several sources � including Andrew R. Hickey on Channel Web's The Channel Wire � have even questioned whether version 3.5 was rushed out. It may be wise to wait before upgrading Firefox until the developers work out the kinks in 3.5.

23.7.2009 15:42 #11

sandeep14

keep us updated.

p.s. ive always been using NoScript.

13.8.2009 07:30 #12

wazzat

Just received notice Firefox 3.52 has been released. Is it safe to jump in?

16.8.2009 10:19 #13

creaky

Originally posted by wazzat: Just received notice Firefox 3.52 has been released. Is it safe to jump in? It sure is, it's working fine here across a few machines.

Forum Rules ~ http://forums.afterdawn.com/thread_view.cfm/2487 / Xbox softmodding software ~ http://forums.afterdawn.com/thread_view.cfm/557450

Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W
Network ~ Network - 3 node DD-WRT (v23 sp2) comprising: Linksys WRT54GS v6 & WRT54G v2 & WRT54G v5

16.8.2009 15:33 #14

wazzat

Thanks creaky I'll try it. :)

16.8.2009 22:03 #15

sandeep14

oops i forgot to update this. because i noticed i too had v3.5.2 which i was pleased to see be released and auto-update so quickly.

17.8.2009 09:19 #16

AfterDawn: News