JITter Bug (Linux Journal)

Linux Journal looks into a security problem with Mozilla's just-in-time compiler. "Two weeks ago, Mozilla was celebrating the triumphant release of the much-delayed Firefox 3.5. The browser brings its users a pantheon of new features, with perhaps the most celebrated being the TraceMonkey JavaScript engine, said to provide speed enhancements twice as fast as Firefox 3.0 and up to ten times that of Firefox 2.0. One element of the acclaimed performance booster is giving its developers something of a headache this week, however. The first zero-day exploit for Firefox 3.5 was revealed publicly on Monday, in the form of a vulnerability in the browser's Just-in-time compiler."

JITter Bug (Linux Journal)

Posted Jul 16, 2009 19:02 UTC (Thu) by Thue (subscriber, #14277)

Set 'javascript.options.jit.content' in about:config to false until the patch is released.

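The workaround above is a single preference flip, but it is easy to lose track of across profiles (and, as the reply below notes, to forget to undo). The following POSIX shell script is an added example, not code from the poster or from Mozilla: it writes the pref into a profile's user.js, which Firefox reads at every startup and copies into prefs.js, so the setting persists until the line is removed. The profile directory path is an assumption supplied by the caller (for example one of the directories listed in ~/.mozilla/firefox/profiles.ini); the script does not try to discover it.

```shell
#!/bin/sh
# Added example (not from the original page): toggle the TraceMonkey
# content JIT pref in a Firefox profile's user.js.  Firefox reads user.js
# at startup and applies it over prefs.js, so one user_pref() line here
# survives restarts until it is removed again.

PREF='javascript.options.jit.content'

# set_jit_pref PROFILE_DIR true|false
# Rewrites (or appends) the user_pref line so user.js holds exactly one
# entry for the pref, whatever was there before.
set_jit_pref() {
    profile="$1"
    value="$2"
    file="$profile/user.js"
    [ -d "$profile" ] || { echo "no such profile dir: $profile" >&2; return 1; }
    case "$value" in
        true|false) ;;
        *) echo "value must be true or false" >&2; return 1 ;;
    esac
    # keep every other line, drop any existing entry for this pref
    if [ -f "$file" ]; then
        grep -Fv "\"$PREF\"" "$file" > "$file.tmp" || true
    else
        : > "$file.tmp"
    fi
    printf 'user_pref("%s", %s);\n' "$PREF" "$value" >> "$file.tmp"
    mv "$file.tmp" "$file"
}

# get_jit_pref PROFILE_DIR
# Prints true or false from user.js, or "default" when no entry exists
# (the shipped default in Firefox 3.5 is true, i.e. the JIT is on).
get_jit_pref() {
    file="$1/user.js"
    [ -f "$file" ] || { echo default; return 0; }
    line=$(grep -F "\"$PREF\"" "$file" | tail -n 1)
    case "$line" in
        *false*) echo false ;;
        *true*)  echo true ;;
        *)       echo default ;;
    esac
}

# Usage: jitpref.sh PROFILE_DIR true|false   (file name is an assumption)
# Prints the state after the change so a later re-enable can be verified.
if [ "$#" -eq 2 ]; then
    set_jit_pref "$1" "$2" && echo "$PREF is now $(get_jit_pref "$1")"
fi
```

Run it with the profile directory and `false` while the fix is pending, and again with `true` once the patched build is installed; `get_jit_pref` answers the "did I ever set it back?" question without opening about:config. Changes to user.js only take effect after Firefox is restarted.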
JITter Bug (Linux Journal)

Posted Jul 17, 2009 1:42 UTC (Fri) by MisterIO (guest, #36192)

I set it, but I wonder if I'll ever remember to set it back to true!

feedproxy.google.com again

Posted Jul 16, 2009 19:41 UTC (Thu) by JesseW (guest, #41816)

You have a feedproxy.google.com redirection in the URL again. The direct URL is: http://www.linuxjournal.com/content/jitter-bug

JITter Bug (Linux Journal)

Posted Jul 16, 2009 20:50 UTC (Thu) by JoeF (subscriber, #4486)

From reading the bugzilla thread, it seems that the bug was known, and the exploit was just one of their test cases.
So, they were probably going to work on it some time later, but kept the bug report visible to everybody, which is of course an invitation to take the exploit...

JITter Bug (Linux Journal)

Posted Jul 16, 2009 21:00 UTC (Thu) by JoeF (subscriber, #4486)

The bugzilla thread I referred to:
https://bugzilla.mozilla.org/show_bug.cgi?id=503286
In particular, comment #34:
"It would seem that the milw0rm exploit code is based on the testcases for this bug."

JITter Bug (Linux Journal)

Posted Jul 17, 2009 2:30 UTC (Fri) by njs (guest, #40338)

> the exploit was just one of their test cases.

That's a little misleading... their test case was a *crash*, not an exploit; someone used it as a starting point for writing the exploit itself. From reading the history, they probably should have realized that this particular crash might be exploitable about a week ago, but apparently the particular engineer dealing with it was insufficiently paranoid to notice. (As for "going to work on it later", they did have a patch before there was an exploit; the exploit came out while it was going through the review/revision process.)

Great anecdote for future talks on security and disclosure, and I hope they tune their policies better. (I will bet, though, that this engineer won't make that mistake again! Man, I'm glad my errors don't generate news articles.)

JITter Bug (Linux Journal)

Posted Jul 17, 2009 3:56 UTC (Fri) by roc (subscriber, #30627)

It's actually great when your errors generate news articles. OK it sucks in many ways, but at least it means your work is having impact.

JITter Bug (Linux Journal)

Posted Jul 17, 2009 6:29 UTC (Fri) by nix (subscriber, #2304)

It means your code is being used, but is probably undetectably infrastructural until you make a tiny error and generate news articles.

JITter Bug (Linux Journal)

Posted Jul 17, 2009 2:36 UTC (Fri) by lordsutch (guest, #53)

Firefox 3.5.1 has been released; presumably this is one of the bugs fixed.

JITter Bug (Linux Journal)

Posted Jul 17, 2009 12:35 UTC (Fri) by sward (subscriber, #6416)

Yes, it was.

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds