The vulnerability arises when the browser processes JavaScript code to handle HTML font tags, the advisory said. An exploit can cause a memory corruption buffer overflow, which could lead to a compromise on an affected system.
“If your browser (Internet Explorer, Firefox, etc.) or its plug-ins (Adobe Flash Player, QuickTime, Sun Java, etc.) contain vulnerabilities, then you're exposed to security threats every single time you visit a website,” Secunia spokesman Mikkel Winther told SCMagazineUS.com in an email.
No patch is available yet from Mozilla, though exploit code has been posted on exploit repository milw0rm, which has reopened after temporarily shutting down.
Until a patch from Mozilla is available, US-CERT has encouraged users and administrators to disable JavaScript to mitigate any risks associated with the vulnerability. On its site, US-CERT describes a method to turn JavaScript off.
If that is untenable, Secunia said the best way to avoid being infected is to practise safe web surfing.
“We can only recommend that users refrain from visiting untrusted websites,” Winther said.
See original article on scmagazineus.com
Security bug found in latest version of Firefox
An unpatched vulnerability in version 3.5 of Firefox, which was released last month, could enable a hacker to remotely run arbitrary code on users' machines, security firm Secunia said in an advisory.
Got a news tip for our journalists? Share it with us anonymously here.
Sponsored Whitepapers

See everything. Do more.

Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Diamond IT Delivers GRC Transformation with Microsoft Purview

Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks

Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy