Firefox fix released for JavaScript flaw

April 18, 2008 // 10:23 a.m.

Tags: #20013 #20014 #browser #bug #firefox #flaw #javascript #noscript #update

The Mozilla foundation has released another version of Firefox, release 2.0.0.14, to fix a flaw in the JavaScript garbage collector in prior editions. If you've been asked to restart Firefox recently, that'll be why.

The finger for these latest problems is being pointed at poorly implemented fixes for a prior issue covering security holes in the JavaScript engine used by the popular open-source browser. The bug, which would result in crashes with evidence of memory corruption and the possibility for remote code execution, was supposedly fixed in the previous 2.0.0.13 release.

The developers of the browser were alerted to stability problems relating to the JavaScript garbage collection process – a procedure whereby memory space can be reclaimed when it's no longer being used by an applet – by a Bugzilla posting.

Although the team can't find any evidence that the flaw can result in remote code execution, it has been patched as a high-priority issue due to previous garbage collector issues having known exploits in the wild – exploits which could feasibly be adapted to take advantage of this latest bug.

Although running script blockers like NoScript mitigates the effect of the bug, it's still a pretty good idea to upgrade to version 2.0.0.14 if you haven't done so already.

Any Firefox users suffered instabilities since installing 2.0.0.13 that could be attributed to this bug, or has it all been plain sailing? Share your thoughts over in the forums.

SUBSCRIBE TO OUR NEWSLETTER

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU