Mozilla moves fast to fix security flaw

Mountain View, California – Mozilla has released an update to Firefox that fixes a security flaw discovered in the last week.

The company has moved fast to make Firefox 3.5.1 available for Windows, Mac, and Linux users as a free download. It resolves a Just-in-Time (JIT) JavaScript compiler flaw in version 3.5 which left users at risk of memory corruption and malware infection.

Last week, “SBerry” posted proof of concept code that exploited the way Firefox 3.5 processes JavaScript code when handling FONT tags in HTML.

“In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. This could be exploited by an attacker,” said Mozilla. The security advisory is here.

Existing users of Firefox 3.5 will receive an automated update notification in the next 24 hours or so. Others can upgrade to Firefox 3.5 by downloading Firefox 3.5.1 here.