Confirmation of Vulnerability of Mozilla Firefox 3.5

Confirmation of a vulnerability in Firefox 3.5 has officially been made by the Mozilla Company. They suspect that the bug could be used to take over the system running Mozilla’s most recently launched browser.

Some have noted that the hacker may have discovered the weakness by finding its source in Mozilla’s change- and bug-tracking database and information system (aptly named ‘Bugzilla’), and then posted the exploit code publicly online.

Mozilla explains that the bug is in the TraceMonkey JavaScript engine that was launched alongside Firefox 3.5. According to Mozilla’s security blog, internet hackers can lure users into viewing webpages with malicious content, and once users visit such a page, the hackers can exploit the user’s system.

The bug was rated a ‘highly critical’ vulnerability by a Danish security company called Secunia; that is the level next to the highest on Secunia’s rating system. Secunia also added that the weakness can be traced to the processing of JavaScript code by TraceMonkey which manages the HTML tags for fonts. According to the Director of Community Development of Mozilla, Asa Dotzler, previous versions of Firefox do not suffer from this vulnerability. He also assures the public that developers at Mozilla are working on a solution for this problem and will release a security update for Firefox as soon as the solution is tried and tested.

Users without the patch can still protect themselves from this vulnerability by disabling the ‘just in time’ (JIT) component of the TraceMonkey engine. This can be done by (1) typing ‘about:config’ in the Firefox 3.5 browser’s URL bar; (2) entering ‘jit’ in the filter box; and (3) double-clicking on ‘javascript.options.jit.content’ to change the value from ‘true’ to ‘false’. Another way to defend one’s system against attacks is to use the NoScript add-on for Firefox.
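For anyone who needs to confirm the workaround on many machines, the following added example (not from the article or from Mozilla) checks the text of a profile's prefs.js and user.js for the setting described above. The function names and the sample file contents are constructed for illustration; it handles only `//` line comments, not block comments.

```python
import re

PREF = "javascript.options.jit.content"  # pref name given in the article

# Matches active lines such as: user_pref("javascript.options.jit.content", false);
# Lines commented out with // do not match because of the ^\s* anchor.
_BOOL_PREF = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*(?P<value>true|false)\s*\)\s*;',
    re.MULTILINE,
)

def read_bool_pref(text, name):
    """Return the last boolean set for `name` in a prefs file's text, else None."""
    value = None
    for match in _BOOL_PREF.finditer(text):
        if match.group("name") == name:
            value = match.group("value") == "true"
    return value

def jit_mitigated(prefs_js="", user_js=""):
    """True only if the profile has the content JIT switched off.

    user.js is applied on top of prefs.js at startup, so it wins when it sets
    the pref. If neither file sets it, the pref keeps its default, which the
    article gives as 'true' for Firefox 3.5 (JIT on, so not mitigated).
    """
    for text in (user_js, prefs_js):
        value = read_bool_pref(text, PREF)
        if value is not None:
            return not value
    return False

# Constructed sample file contents, not taken from a real profile.
SAMPLE_MITIGATED = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("javascript.options.jit.content", false);
'''
SAMPLE_COMMENTED_OUT = '// user_pref("javascript.options.jit.content", false);\n'
SAMPLE_REENABLED = 'user_pref("javascript.options.jit.content", true);\n'

if __name__ == "__main__":
    print("mitigated profile:", jit_mitigated(SAMPLE_MITIGATED))
    print("commented-out line:", jit_mitigated(SAMPLE_COMMENTED_OUT))
    print("user.js re-enables JIT:", jit_mitigated(SAMPLE_MITIGATED, SAMPLE_REENABLED))
```

A profile that never sets the pref is reported as unmitigated, which is the case an inventory check most needs to surface.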

Although exploit code was recently published online on milw0rm.com, the internet hacker who published it was not the first to discover the vulnerability. In fact, developers from Mozilla had already come across it less than a week before the exploit code was published and were already developing a solution for it.

Andreas Gal, project scientist at the University of California at Irvine, contends that upon close inspection of previous test cases and the exploit code, this bug was a self-inflicted one, and in retrospect, Mozilla should have dealt with it earlier on. The development of the TraceMonkey engine builds on shared open source code for the “trace trees” technique used in a project called Tamarin Tracing. Others agree that Bugzilla was built on the test cases of the same bug, and when looking through the debugger’s crash details during testing, it was clear that the code could be easily detected and exploited.

As of July 2009, a fast-track update for Firefox 3.5 is scheduled for release before the end of the month. According to Daniel Veditz, Mozilla’s security lead, the update is being prioritized and had been worked on even before the posting on milw0rm. Although the update was originally scheduled for the end of July, the problem has caused them to release it ahead of schedule, a short time after Firefox 3.5’s recent launch on June 30, 2009.
