Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 17th, 2008

JavaScript Bug Patched By Mozilla In Firefox

Mozilla updated its Firefox web browser on Wednesday in response to the discovery of a vulnerability involving its Javascript Garbage Collector function. The vulnerability means that memory corruption might be caused through specially-crafted Javascript code. Successful exploitation creates a means to execute arbitrary code on vulnerable systems.

Fixes for security problems in the JavaScript engine described in MFSA 2008-15 (CVE-2008-1237) introduced a stability problem, where some users experienced crashes during JavaScript garbage collection. This is being fixed primarily to address stability concerns. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail.

The vulnerability is reported in version of the popular open source browser. Earlier versions may also be affected. Surfers are advised to update to version

Users running Firefox can call up the browser’s built in updater, or wait for the automatic update notification, which typically appears within 24 to 48 hours after Mozilla posts a new version.

Share this item with others:

More on CyberInsecure:
  • Firefox Is Out
  • Password Bug Fixed Sooner Than Expected in Firefox 3.0.3
  • Numerous Securty Vulnerabilities Patched In Firefox 3.0.5
  • Five Vulnerabilities Patched In Firefox 3.0.2 and, Two Of Them Are Critical
  • Firefox Update Patch 9 Security Vulnberabilities, 4 Rated Critical

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: JavaScript Bug Patched By Mozilla In Firefox

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
    Click to hear an audio file of the anti-spam word