As Beth reported on the SophosLabs blog a couple of days ago, there has been a lot of concern about a vulnerability in the recently released Firefox 3.5.
The bug in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly, and could be exploited by hackers to run malicious code on your computer.
Mozilla, the makers of Firefox, suggested disabling JIT temporarily and others will have used the NoScript addon to increase their level of security.
However, what the Firefox-using world really wanted was a proper fix, and that’s now arrived.
Mozilla has released version 3.5.1 of Firefox which reportedly fixes the critical vulnerability, and users are strongly recommended to upgrade as soon as possible.
By the way, if you’re still living in the Stone Age and running Firefox 2.0, please be aware that that version hasn’t been supported by Mozilla for some time now, and you won’t be properly protected when you’re surfing online.
The problem is that Firefox 2.0 doesn’t shut itself down, you can carry on using it forever if you want – it’s just that you won’t benefit from any more security fixes. And in a world where attacks are increasingly web-based, that’s not a good thing.
So, hear the message loud and clear. Update to Firefox 3.5.1.
