Firefox may need asbestos suit

Filed Under: SophosLabs

There's been quite a bit of buzz about the latest zero-day Firefox exploit. For those not in the know, it's a vulnerability in how JavaScript code is handled by Firefox's new TraceMonkey component, so the exploit only works against 3.5.x. Mozilla has confirmed that this bug doesn't affect 3.0.x.

There are two ways to work around this until a patch is released. The first is to use NoScript. This add-on blocks Java, JavaScript, Flash, IFrames and other potential sources of malicious code; you can whitelist trusted sites and also allow sites temporarily. The potential downside is that it can behave like a "click nanny": it may take several clicks on "Allow ..." or "Temporarily allow ..." before the page you want to see works. However, it really doesn't take long to find a balance between security and usability.

The second workaround is to disable the vulnerable component. These instructions were posted here and are pretty straightforward. Remember, this is only for Firefox 3.5.x:

Open up a new Firefox window and type "about:config" (without the quotes) in the browser's address bar. In the "filter" box, type "jit" and you should see a setting called "javascript.options.jit.content". You should notice that beside that setting it reads "true," meaning the setting is enabled. If you just double-click on that setting, it should disable it, changing the option to "false."

One thing to remember is that the main purpose of TraceMonkey was to speed up scripts, so the second workaround will slow JavaScript execution a bit.
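The about:config change above is per profile and easy to lose track of across a fleet of machines. The following script is an added example, not part of the original post or anything Sophos or Mozilla ship: it reads a profile's prefs.js (where Firefox records preferences changed in about:config, as `user_pref("name", value);` lines) and user.js (which Firefox re-applies at every startup and which overrides prefs.js), reports whether `javascript.options.jit.content` is still enabled, and can emit a user.js that pins the workaround. It assumes the Firefox 3.5 built-in default of `true` when the pref is absent, and the sample file contents are constructed.

```python
"""Audit and enforce the Firefox 3.5 JIT workaround in a profile's preference files."""
import re
from pathlib import Path
from typing import Dict, Union

PrefValue = Union[bool, int, str]
JIT_PREF = "javascript.options.jit.content"

# One user_pref(...) line: the name in double quotes, then the value, then ");".
_PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Parse the user_pref() lines of a prefs.js / user.js file.

    Comment and unrelated lines are skipped. Values become bool, int or
    (unquoted) str; a later line for the same name overrides an earlier one,
    which is how Firefox itself applies the file.
    """
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = _PREF_LINE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw == "true":
            prefs[name] = True
        elif raw == "false":
            prefs[name] = False
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw  # keep anything unexpected as raw text
    return prefs


def jit_content_enabled(prefs_text: str, default: bool = True) -> bool:
    """True if the TraceMonkey content JIT is still on.

    The pref only appears in prefs.js once someone changes it in about:config,
    so an absent pref means the built-in default (true in 3.5) is in force and
    the workaround has NOT been applied.
    """
    return bool(parse_prefs(prefs_text).get(JIT_PREF, default))


def with_workaround(user_js_text: str) -> str:
    """Return user.js contents with the JIT pref pinned to false.

    Any existing line for the same pref is dropped so the file stays
    unambiguous; every other line is kept as it was.
    """
    kept = []
    for line in user_js_text.splitlines():
        m = _PREF_LINE.match(line)
        if m and m.group(1) == JIT_PREF:
            continue
        kept.append(line)
    kept.append(f'user_pref("{JIT_PREF}", false);')
    return "\n".join(kept) + "\n"


def audit_profile(profile_dir: Path) -> bool:
    """Read prefs.js then user.js from a profile directory; True if JIT is still enabled.

    user.js overrides prefs.js at startup, so it is appended last and its
    lines win in parse_prefs().
    """
    text = ""
    for name in ("prefs.js", "user.js"):
        p = profile_dir / name
        if p.exists():
            text += p.read_text(encoding="utf-8", errors="replace") + "\n"
    return jit_content_enabled(text)


# Constructed sample: prefs.js after the about:config double-click.
SAMPLE_PATCHED = '''# Mozilla User Preferences
/* Do not edit this file. */
user_pref("browser.startup.homepage", "about:blank");
user_pref("javascript.options.jit.content", false);
'''

# Constructed sample: a profile where nobody has touched the setting.
SAMPLE_DEFAULT = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
'''

if __name__ == "__main__":
    for label, text in (("patched", SAMPLE_PATCHED), ("default", SAMPLE_DEFAULT)):
        state = "still enabled" if jit_content_enabled(text) else "disabled (workaround applied)"
        print(f"{label}: {JIT_PREF} {state}")
    print(with_workaround(SAMPLE_DEFAULT), end="")
```

Point `audit_profile()` at each profile directory under the user's Firefox profiles folder to get a simple yes/no per profile; once Mozilla's fix is installed, remove the pinned line from user.js again so TraceMonkey's speed-up returns.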

It's unfortunate this came to light while two Microsoft Internet Explorer exploits are also making news; as a result, Mozilla seems to be getting more flak than usual about it. Sophos detects the exploit code as Mal/JSShell-B.


About the author

Beth Jones, Senior Threat Researcher, SophosLabs US. Beth manages the day-to-day research and analysis activities of incoming suspicious malware threats that arrive in SophosLabs via customers, partners and prospects. Beth has worked in Sophos's Boston lab for more than five years and brings nearly a decade of network security experience to Sophos.