Building The Net

Mozilla announced today that it’s new browser, Firefox 3.5 is vulnerable to a new JavaScript exploit that was introduced in the new TraceMonkey JavaScript Engine that was added to the new release.

This exploit could allow someone to hijack a users machine. THIS IS BAD!

The exploit went public today, July 16th, 2009 and there is currently no patch available. If you are running the new Firefox browser, it is recommended that you turn off the “just-in-time” component of the TraceMonkey engine.  To do this, you should enter “about:config” in your browser’s address bar, type “jit” in the filter box, then double-click the “javascript.options.jit.content” entry to set the value to “false.”

— Stu