A critical vulnerability notice has been posted by Mozilla regarding FireFox 3.5.

Users of Bayanihan5 (Kalumbata) who have updated their FireFox to this version need to modify their configuration to temporarily close this vulnerability while Mozilla works on a fix.

The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code. The vulnerability can be mitigated by disabling the JIT in the JavaScript engine. To do so:

1. Enter about:config in the browser’s location bar.
2. Type jit in the Filter box at the top of the config editor.
3. Double-click the line containing javascript.options.jit.content setting the value to false.

Once users have received the security update containing the fix for this issue, they should restore the JIT setting to true by:

1. Enter about:config in the browser’s location bar.
2. Type jit in the Filter box at the top of the config editor.
3. Double-click the line containing javascript.options.jit.content setting the value to true.

More information can be found at http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/

Safe FOSSing! -- Rage