Critical JavaScript Vulnerability Surfaces in Firefox 3.5

Firefox 3.5 boasts screaming-fast JavaScript performance, almost twice as fast as Firefox 3. The dramatically better JavaScript performance is attributed to the TraceMonkey just-in-time (JIT) JavaScript compiler. However, a serious remote buffer overflow vulnerability was discovered last week in Firefox 3.5’s JIT JavaScript compiler, which enables the execution of malicious code.

An attacker can trick a victim into viewing a webpage containing the exploit code, thereby infecting the victim’s machine. Fortunately, the JIT JavaScript compiler can be disabled. Type about:config in the location bar and jit in the filter on the config page. Double-click javascript.options.jit.content to set its value to false, which disables JIT. You can also disable JIT by running Firefox in Safe Mode. Disabling JIT drastically reduces JavaScript performance, but you can re-enable it once the vulnerability is patched by setting javascript.options.jit.content back to true.
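To confirm the workaround is actually in effect on a profile rather than trusting the about:config click, the following added example (not part of the original post) parses the text of a profile's prefs.js and optional user.js and reports whether javascript.options.jit.content is effectively false. It assumes the standard `user_pref("name", value);` line format, that user.js overrides prefs.js at startup, and that an unset preference leaves JIT on; the function names and sample contents are constructed for illustration.

```python
import re

PREF = "javascript.options.jit.content"
# One preference per line, in the form: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def read_pref(text, name=PREF):
    """Return the last value assigned to `name`, or None if it is never set."""
    value = None
    for line in text.splitlines():
        m = PREF_LINE.match(line)      # commented-out lines do not match
        if m and m.group(1) == name:
            value = m.group(2)
    return value

def jit_mitigated(prefs_js, user_js=""):
    """True only when the effective value is false (user.js wins over prefs.js).
    Assumption: an unset preference means the JIT is enabled."""
    value = read_pref(user_js)
    if value is None:
        value = read_pref(prefs_js)
    return value == "false"

def enforce(user_js=""):
    """Return user.js text that pins the preference to false."""
    kept = [l for l in user_js.splitlines() if read_pref(l) is None]
    kept.append('user_pref("%s", false);' % PREF)
    return "\n".join(kept) + "\n"

# Constructed sample profile contents (not taken from a real profile).
PREFS_DEFAULT = '# Mozilla User Preferences\nuser_pref("browser.startup.page", 3);\n'
PREFS_DISABLED = PREFS_DEFAULT + 'user_pref("javascript.options.jit.content", false);\n'
USER_REENABLED = '// user_pref("javascript.options.jit.content", false);\n' \
                 'user_pref("javascript.options.jit.content", true);\n'

if __name__ == "__main__":
    print("default profile mitigated:", jit_mitigated(PREFS_DEFAULT))
    print("after about:config change:", jit_mitigated(PREFS_DISABLED))
    print("user.js re-enables JIT:   ", jit_mitigated(PREFS_DISABLED, USER_REENABLED))
    print("after enforce():          ", jit_mitigated(PREFS_DISABLED, enforce(USER_REENABLED)))
```

Writing the output of `enforce()` to user.js in the profile directory keeps the setting at false across restarts until the patched release is installed.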

Disable JIT in Firefox 3.5

The vulnerability was already patched in the 3.6 nightly build on July 14, available here. The patch will be part of the 3.5.x release, which was initially scheduled for the end of July but has been moved up.
