Firefox fix released for JavaScript flaw

Author: Gareth Halfacree
Published: 18th April 2008
Comments (11) Stumble
If you haven't been treated to the update screen recently, now would be a good time to get better acquainted.

If you haven't been treated to the update screen recently, now would be a good time to get better acquainted.

The Mozilla foundation has released another version of Firefox, release 2.0.0.14, to fix a flaw in the JavaScript garbage collector in prior editions. If you've been asked to restart Firefox recently, that'll be why.

The finger for these latest problems is being pointed at poorly implemented fixes for a prior issue covering security holes in the JavaScript engine used by the popular open-source browser. The bug, which would result in crashes with evidence of memory corruption and the possibility for remote code execution, was supposedly fixed in the previous 2.0.0.13 release.

The developers of the browser were alerted to stability problems relating to the JavaScript garbage collection process – a procedure whereby memory space can be reclaimed when it's no longer being used by an applet – by a Bugzilla posting.

Although the team can't find any evidence that the flaw can result in remote code execution, it has been patched as a high-priority issue due to previous garbage collector issues having known exploits in the wild – exploits which could feasibly be adapted to take advantage of this latest bug.

Although running script blockers like NoScript mitigates the effect of the bug, it's still a pretty good idea to upgrade to version 2.0.0.14 if you haven't done so already.

Any Firefox users suffered instabilities since installing 2.0.0.13 that could be attributed to this bug, or has it all been plain sailing? Share your thoughts over in the forums.
Quote Smilodon 18th April 2008, 10:40
Whohoo!

I have had some problems with this lately. Some of the commercial banners on some of the newspapers I read daily made FF crash. Hopefully this should fix it :)
Quote Cobalt 18th April 2008, 11:12
That explains quite a lot. When using stumble upon, pages would sometimes cause a crash if they contained javascript. Usually they'd load fine on a restart.
Quote r4tch3t 18th April 2008, 12:19
Hopefully this will get fixed on FF3 Beta as well, I get quite a few crashes on the Uni website that uses java.
Quote Anakha 18th April 2008, 13:46
The FF3 Beta uses a totally new JS interpreter and GC.
Quote [USRF]Obiwan 18th April 2008, 15:04
its typical when Microsoft enforced an IE update, the world falls over it. And we web-developers still have to write compatible code for absolute old browser versions like IE5.5 and IE6.x. But if firefox forces a upgrade all is good and shiny...
Quote Gareth Halfacree 18th April 2008, 15:22
Quote:
Originally Posted by [USRF
Obiwan]But if firefox forces a upgrade all is good and shiny...
But it only 'forces' an upgrade if you've selected "Automatically download and install the update" in Preferences -> Advanced -> Updates. If you've selected "Ask me what I want to do" or just un-ticked "Check for updates to Firefox" then it doesn't.

Plus, I'm confused by your reference to web developers writing "compatible code" - this update is purely to fix a bug in the JavaScript garbage collection process. There's no change to the rendering engine whatsoever, so there's no need to change any coding to accommodate this point release.
Quote DougEdey 18th April 2008, 15:50
FF3B* doesn't work with HSBC internet banking.
Quote r4tch3t 18th April 2008, 23:19
Do we know if its FF3B* that doesn't work with certain Java websites or are the websites poorly coded?
Quote Mr T 20th April 2008, 10:04
FF3 Beta 5 works fine with HSBC online banking. It keeps crashing on burning on me though when browsing random forums.
Quote kno3 20th April 2008, 11:18
Quote:
Originally Posted by DougEdey
FF3B* doesn't work with HSBC internet banking.

Works fine for me. What is happening with you?
Quote DougEdey 14th May 2008, 09:43
Sorry for the delayed response, it started to work again.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



XFX 790i SLI


Affordable hosting at TSOhost
Stats: 0.073 seconds