Has not been released long time, the latest version of Firefox 3.5, is facing a new problem. US-Cert (Computer Emergency Response Team) released a warning, on Tuesday (14 / 7), the browser that Firefox 3.5 has a defense system is vulnerable attacked attacker remotely (remote attacker) to smuggle malicious code.
More details, the vulnerability of the Firefox 3.5 related to how Firefox process JavaScript code. Examples of malicious code itself is shown Monday (13 / 7) on the site Milw0rm, com, a site about the exploitation of dangerous code. This raise the possibility that rentannya Firefox 3.5 has begun empowered.
The Mozilla own vulnerability already know this problem and begin to repair the pilot. However, until now not yet finished its penambal patch developed. Therefore, Mozilla released advice to reduce the risk of attack.
"Vulnerability can be exploited if the attacker he trepan computer users to view sites that have malicious code," say the Mozilla Security Blog at them. However, Firefox's vulnerabilities can be peringan way off the JIT in the Javascript Engine
To turn off the Javascript engine can be done with three steps. First, type about: config in the Firefox browser your search. Second, type in the JIT in the filter that is located on the config editor. Third, double-click the line javascript.options.jit.content to change valuenya to be false.
As an alternative way, noscript plug-in can also be used to turn off all JavaScript in the browser.
Vulnerability of this problem have also got many responses from some computer company in the world. Secunia, a company in the field of computer security and is based in Denmark for example, assessing the vulnerability of Firefox 3.5 is very critical and can even affect an older version of Firefox.
F-Secure, a Finnish company's origin in the same field with Secunia also add Exploit Shield software that can prevent the use of code-malicious code to attack Firefox 3.5.
source: kompas.com
More details, the vulnerability of the Firefox 3.5 related to how Firefox process JavaScript code. Examples of malicious code itself is shown Monday (13 / 7) on the site Milw0rm, com, a site about the exploitation of dangerous code. This raise the possibility that rentannya Firefox 3.5 has begun empowered.
The Mozilla own vulnerability already know this problem and begin to repair the pilot. However, until now not yet finished its penambal patch developed. Therefore, Mozilla released advice to reduce the risk of attack.
"Vulnerability can be exploited if the attacker he trepan computer users to view sites that have malicious code," say the Mozilla Security Blog at them. However, Firefox's vulnerabilities can be peringan way off the JIT in the Javascript Engine
To turn off the Javascript engine can be done with three steps. First, type about: config in the Firefox browser your search. Second, type in the JIT in the filter that is located on the config editor. Third, double-click the line javascript.options.jit.content to change valuenya to be false.
As an alternative way, noscript plug-in can also be used to turn off all JavaScript in the browser.
Vulnerability of this problem have also got many responses from some computer company in the world. Secunia, a company in the field of computer security and is based in Denmark for example, assessing the vulnerability of Firefox 3.5 is very critical and can even affect an older version of Firefox.
F-Secure, a Finnish company's origin in the same field with Secunia also add Exploit Shield software that can prevent the use of code-malicious code to attack Firefox 3.5.
source: kompas.com
0 comments:
Post a Comment