Mozilla has released an update version of Firefox that addresses a previously unpatched flaw that has become the target of hacking attacks over recent days.

Firefox 3.5.1 [1], released on Thursday, resolves a Just-in-Time (JIT) JavaScript compiler flaw in version 3.5 of the popular open source browser software, as explained in Mozilla's advisory here [2]. Exploits based on the vulnerability were posted on a security site on Tuesday so Mozilla deserves credit for acting promptly on what might otherwise have been a potentially nasty problem that posed [3] memory corruption and malware injection risks.

The latest update also corrects a performance issue [4] that resulted in slow start-up on Windows systems.

Users are advised to apply the update, remembering to re-enable the Just-in-Time compiler in cases where Mozilla's previously suggested workaround has been applied. ®

Links

1. http://www.mozilla.com/en-US/firefox/3.5.1/releasenotes/
2. http://www.mozilla.org/security/announce/2009/mfsa2009-41.html
3. http://secunia.com/advisories/35798/3
4. https://support.mozilla.com/tiki-view_forum_thread.php?forumId=1&comments_threshold=0&comments_parentId=381674&comments_offset=0&comments_per_page=20&thread_style=commentStyle_plain

Related stories

• Mozilla quickly patches Firefox flaw (28 October 2010)

  http://www.theregister.co.uk/2010/10/28/firefox_zeroday_patched/

• Post-Vista Windows flaw creates Blue Screen risk (8 September 2009)

  http://www.theregister.co.uk/2009/09/08/win_bsod_0day/

• MS Zero-day security bug was two years in the making (14 August 2009)

  http://www.theregister.co.uk/2009/08/14/ms_zero_day_long_gestation/

• Mozilla Store shuttered after vendor security breach (5 August 2009)

  http://www.theregister.co.uk/2009/08/05/mozilla_stores_shuttered/

• Adobe promises fix for critical Flash hole next week (24 July 2009)

  http://www.theregister.co.uk/2009/07/24/adobe_flash_patch_pre_alert/

• Firefox laggards offered security update (22 July 2009)

  http://www.theregister.co.uk/2009/07/22/older_firefox_update/

• Mozilla downplays risk from unpatched flaw (20 July 2009)

  http://www.theregister.co.uk/2009/07/20/firefox_flaw/

• Memory-hogging bug offers universal browser crash exploit (17 July 2009)

  http://www.theregister.co.uk/2009/07/17/universal_browser_crash_bug/

• Unpatched Firefox flaw lets fox into henhouse (14 July 2009)

  http://www.theregister.co.uk/2009/07/14/unpatched_firefox_bug/

• Orange UK exiles Firefox from call centres (8 July 2009)

  http://www.theregister.co.uk/2009/07/08/orange_and_ie6/

• Firefox 3.5 patch coming soon as Mozilla cranks up downloads (3 July 2009)

  http://www.theregister.co.uk/2009/07/03/mozilla_firefox_3_5_1/

• Chrome update completes busy browser patch week (12 June 2009)

  http://www.theregister.co.uk/2009/06/12/google_chrome_update/

• Firefox update squashes 9 security bugs, 4 critical (12 June 2009)

  http://www.theregister.co.uk/2009/06/12/firefox_update/

• Firefox users flip out over sneak MS add-on (1 June 2009)

  http://www.theregister.co.uk/2009/06/01/ms_firefox_extension_row/