bit-tech.net

Firefox fix released for JavaScript flaw

Firefox fix released for JavaScript flaw

If you haven't been treated to the update screen recently, now would be a good time to get better acquainted.

The Mozilla foundation has released another version of Firefox, release 2.0.0.14, to fix a flaw in the JavaScript garbage collector in prior editions. If you've been asked to restart Firefox recently, that'll be why.

The finger for these latest problems is being pointed at poorly implemented fixes for a prior issue covering security holes in the JavaScript engine used by the popular open-source browser. The bug, which would result in crashes with evidence of memory corruption and the possibility for remote code execution, was supposedly fixed in the previous 2.0.0.13 release.

The developers of the browser were alerted to stability problems relating to the JavaScript garbage collection process – a procedure whereby memory space can be reclaimed when it's no longer being used by an applet – by a Bugzilla posting.

Although the team can't find any evidence that the flaw can result in remote code execution, it has been patched as a high-priority issue due to previous garbage collector issues having known exploits in the wild – exploits which could feasibly be adapted to take advantage of this latest bug.

Although running script blockers like NoScript mitigates the effect of the bug, it's still a pretty good idea to upgrade to version 2.0.0.14 if you haven't done so already.

Any Firefox users suffered instabilities since installing 2.0.0.13 that could be attributed to this bug, or has it all been plain sailing? Share your thoughts over in the forums.

11 Comments

Discuss in the forums Reply
Smilodon 18th April 2008, 10:40 Quote
Whohoo!

I have had some problems with this lately. Some of the commercial banners on some of the newspapers I read daily made FF crash. Hopefully this should fix it :)
Cobalt 18th April 2008, 11:12 Quote
That explains quite a lot. When using stumble upon, pages would sometimes cause a crash if they contained javascript. Usually they'd load fine on a restart.
r4tch3t 18th April 2008, 12:19 Quote
Hopefully this will get fixed on FF3 Beta as well, I get quite a few crashes on the Uni website that uses java.
Anakha 18th April 2008, 13:46 Quote
The FF3 Beta uses a totally new JS interpreter and GC.
[USRF]Obiwan 18th April 2008, 15:04 Quote
its typical when Microsoft enforced an IE update, the world falls over it. And we web-developers still have to write compatible code for absolute old browser versions like IE5.5 and IE6.x. But if firefox forces a upgrade all is good and shiny...
Gareth Halfacree 18th April 2008, 15:22 Quote
Quote:
Originally Posted by [USRF
Obiwan]But if firefox forces a upgrade all is good and shiny...
But it only 'forces' an upgrade if you've selected "Automatically download and install the update" in Preferences -> Advanced -> Updates. If you've selected "Ask me what I want to do" or just un-ticked "Check for updates to Firefox" then it doesn't.

Plus, I'm confused by your reference to web developers writing "compatible code" - this update is purely to fix a bug in the JavaScript garbage collection process. There's no change to the rendering engine whatsoever, so there's no need to change any coding to accommodate this point release.
DougEdey 18th April 2008, 15:50 Quote
FF3B* doesn't work with HSBC internet banking.
r4tch3t 18th April 2008, 23:19 Quote
Do we know if its FF3B* that doesn't work with certain Java websites or are the websites poorly coded?
Mr T 20th April 2008, 10:04 Quote
FF3 Beta 5 works fine with HSBC online banking. It keeps crashing on burning on me though when browsing random forums.
kno3 20th April 2008, 11:18 Quote
Quote:
Originally Posted by DougEdey
FF3B* doesn't work with HSBC internet banking.

Works fine for me. What is happening with you?
DougEdey 14th May 2008, 09:43 Quote
Sorry for the delayed response, it started to work again.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums