Highly Critical Firefox Error

Easy Fix Available. Upgrade on the Way.


Firefox users, beware. The newest version, released early in July, has a boo-boo. Secunia, the Danish security hawk, pegged Firefox with a “highly critical” error, describing “remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction but there are no known exploits available at the time of disclosure.” In commonspeak, that means that unkind people can break your browser because of a JavaScript processing error. Sample exploit codes are already floating around on the Web, enabling the next malicious hacker to victimize an unsecured browser.


The security-compromising problem stems from erroneous JavaScript processing. The vulnerability allows a gateway for hackers to execute exploit codes on unprotected systems. Thus, the JavaScript error is a reputation-jarring event for the otherwise steady Firefox.



Mozilla released information about the glitch in their security blog early in the week. They described the error by stating, “the vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code.”


Thankfully, there are fixes that you as a user can implement in order to plug the hole until Firefox releases the repair patch, expected sometime soon.


One option for remediating the flaw is to follow instructions from the United States Computer Emergency Readiness Team (US-CERT). This fix advises changing the about:config interface to disable the TraceMonkey system, which is the gateway for the error.


Computer security guru Brian Krebs lays out the solution very simply. Disabling the faulty TraceMonkey takes a handful of clicks and it took me less than one minute. Although my browsing might slow down a bit, I can at least have the assurance that my system is that much more stable. According to Mozilla’s recommendations, I will restore the speedy JavaScript processing option once the new patch is released.


It was only recently that Mozilla bragged on Firefox’s new “screaming fast performance” due to their TraceMonkey JavaScript engine. Security, too, was a hot-button feature for the new browser. Their site described the upgrades of an “anti-phishing and anti-malware technologiesprivate browsingforget this site” features and other keep-you-safe assurances. Sadly, this error is a poke in the eye for both security and speed.


Firefox won’t let the problem persist for very long. Already, Firefox engineers are busily working around the clock to fix the issues, iron out the wrinkles, and release a new version once they’ve finished testing it. Users will then be able to download the fix, and be on their way to faster, and more secure browsinghopefully.

Leave a comment