SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#443060

Mozilla Firefox 3.5 TraceMonkey JavaScript engine uninitialized memory vulnerability

Overview

Mozilla Firefox's javascript engine contains a vulnerability that may allow an attacker to execute code.

I. Description

Mozilla Firefox version 3.5 contains a vulnerability in the TraceMonkey components of Firefox's JavaScript engine.

Per Mozilla Bug Bug 503286:
"This is a JS engine bug dealing with deep bailing not properly restoring the return value from the result of the (fast native) escape function. We then try to do something with the uninitialized memory and crash in the interpreter."

Note that proof of concept code that demonstrates issue this is publicly available.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause Firefox to crash.

III. Solution

Firefox 3.5.1 has been released to address this issue. See Mozilla Foundation Security Advisory 2009-41 for more information. Until updates can be applied, the below workarounds may mitigate this issue.

Disable TraceMonkey

To disable the vulnerable components, use the about:config interface to set javascript.options.jit.content and javascript.options.jit.chrome to false. This will still allow JavaScript to run, but it will disable the TraceMonkey performance enhancements.

Use NoScript

Using the Mozilla Firefox NoScript extension to whitelist web sites that can run scripts will help to mitigate this vulnerability. Further details for configuring NoScript are available in the Securing Your Web Browser document.

Disable JavaScript

For instructions on how to disable JavaScript in Firefox, please refer to the Firefox section of the Securing Your Web Browser document.

Systems Affected

VendorStatusDate NotifiedDate Updated
MozillaVulnerable2009-07-14

References


http://www.mozilla.org/security/announce/2009/mfsa2009-41.html
http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/
https://bugzilla.mozilla.org/show_bug.cgi?id=503286
http://milw0rm.com/exploits/9137
http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries
http://voices.washingtonpost.com/securityfix/2009/07/stopgap_fix_for_critical_firef.html?wprss=securityfix

Credit

Information from zbyte, Mozilla, and other sources was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public:2009-07-09
Date First Published:2009-07-14
Date Last Updated:2009-07-17
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric:40.50
Document Revision:21

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader