The vulnerability arises when the browser processes JavaScript code to handle HTML font tags, the advisory said. An exploit can cause a memory corruption buffer overflow, which could lead to a compromise on an affected system.
“If your browser (Internet Explorer, Firefox, etc.) or its plug-ins (Adobe Flash Player, QuickTime, Sun Java, etc.) contain vulnerabilities, then you're exposed to security threats every single time you visit a website,” Secunia spokesman Mikkel Winther told SCMagazineUS.com in an email.
No patch is available yet from Mozilla, though exploit code has been posted on exploit repository milw0rm, which has reopened after temporarily shutting down.
Until a patch from Mozilla is available, US-CERT has encouraged users and administrators to disable JavaScript to mitigate any risks associated with the vulnerability. On its site, US-CERT describes a method to turn JavaScript off.
If that is untenable, Secunia said the best way to avoid being infected is to practise safe web surfing.
“We can only recommend that users refrain from visiting untrusted websites,” Winther said.
See original article on scmagazineus.com
Security bug found in latest version of Firefox
An unpatched vulnerability in version 3.5 of Firefox, which was released last month, could enable a hacker to remotely run arbitrary code on users' machines, security firm Secunia said in an advisory.
Got a news tip for our journalists? Share it with us anonymously here.
Sponsored Whitepapers

Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks

Protect APIs. Protect Your Business.

KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt

Saviynt Simplifies GRC and Access Control for SAP and Beyond