AKS™ – Feel The Change!

    A bug discovered earlier this week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly by S.Berry on milw0rm. Just after three days worth of testing later, Mozilla has pushed out Firefox 3.5.1, with a fix for this error as well as corrections for several other bugs.

    “ Firefox user zbyte reported a crash that we determined could result in an exploitable memory corruption problem. In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. This could be exploited by an attacker to run arbitrary code such as installing malware.”

    The vulnerability was introduced in TraceMonkey, the JavaScript engine used in Firefox 3.5 that actually offers a decent speed boost to the browser. Oddly enough, TraceMonkey was already set to be patched this month by Mozilla, as bugs in the newest engine were listed in a July 1 meeting as the sole topcrash issue for Firefox 3.5. In other words, while vulnerabilities like this are horrible, this one came at a perfect time as developers were already giving TraceMonkey a thorough cleaning.

Features:-

• Super Speed new
  View Web pages way faster, using less of your computer’s memory.
• Anti-Phishing & Anti-Malware improved
  Enjoy the most advanced protection against online bad guys.
• Session Restore improved
  Unexpected shutdown? Go back to exactly where you left off.
• One-Click Bookmarking
  Bookmark, search and organize Web sites quickly and easily.
• Easy Customization improved
  Thousands of add-ons give you the freedom to make your browser your own.
• Tabs improved
  Do more at once with tabs you can organize with the drag of a mouse.
• Instant Web Site ID
  Avoid online scams, unsafe transactions and forgeries with simple site identity.

      I strongly recommend that all firefox 3.5 users upgrade to this latest release. If you already have Firefox 3.5, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu. You can download Firefox 3.5.1 from official Mozilla site.

Download Firefox 3.5.1

         If you want to upgrade your Firefox to the latest 3.5 then think again.

     SBerry released code on Milw0rm, has issued an advisory warning of a memory corruption error in Mozilla’s newest version of Firefox, version 3.5. The vulnerability, if exploited, allows code execution that could lead to system compromise.

       The vulnerability is caused due to an error when processing JavaScript code handling e.g. "font" HTML tags and can be exploited to cause a memory corruption.

Here is SBerry Posted code.

     Secunia is offering advice to Firefox users that until this newest vulnerability is patched, they should avoid untrusted websites and links. However, Brian Krebs took the smart road in his advice on the issue. Krebs, who is a reporter for the Washington Post, advised his users to disable "javascript.options.jit.content" in about:config. This fix has a drawback however, it will lower the rendering speeds of JavaScript, which is one of the major performance improvements in Firefox 3.5. If you are willing to take the trade, then his fix should work fine.

DNS INFORMATION LEAK

     There is another little glitch in firefox that exposes DNS information for users wanting to remain anonymous using proxy settings.

    Tw1zl3r reports that, “The DNS Leak issue in FireFox 3.5 is a BIG BUG because even if you use the about:Config force remote DNS look ups using a proxy the requests are still sent to your local DNS. The local DNS query leaks your web searches out for anyone with a brain cell and WireShark to view a users web query’s in plain text. FireFox 3.5 has the toggle network.proxy.socks_remote_dns option in it but when adding the option in about:Config it does nothing and is all show no go. The setting does nothing and allows DNS to Leak.”

      However, some users who tested his point wonder if the DNS leak has more to do with an add-on than Firefox itself. However, if it is a Mozilla issue, then it would need to be addressed as soon as possible.

[Source]

       Mozilla Firefox is a small, fast and very easy to use browser that offers many advantages over other web browsers, such as the ability to block pop-up windows and the tabbed browsing.

     On 21 April 2009 they released 3.0.9 and yesterday they released 3.0.10.They are too fast as their browser

What’s New in Firefox 3.0.10

      Firefox 3.0.10 fixes two issues found in Firefox 3.0.9:

• Fixed a security issue.
• Fixed a major stability issue.

         The award-winning Web browser is better than ever. Browse the Web with confidence. Firefox protects you from viruses, spyware and pop-ups.

       Enjoy improvements to performance, ease of use and privacy. It’s easy to import your favorites and settings and get started.

      The latest version delivers easier navigation for everyone, including those who are visually or motor-impaired. Firefox is the first browser to support DHTML accessibility, which, when enabled by Web authors, allows rich Web applications to be read aloud. Users may navigate with keystrokes rather than mouse clicks, reducing the tabbing required to navigate documents such as spreadsheets. Firefox is also the first browser to meet US federal government requirements that software be easily accessible to users with physical impairments.

           Key features of "Firefox":

• Comprehensive popup controls to keep unwanted advertising off your desktop.
• A tab browsing mode that lets you open several pages in a single window, allowing you to load links in the background without leaving the page you’re on.
• Integrated search (powered by Google).
• Industry leading accessibility with Find As You Type – find links and page text by simply typing.
• Simplified privacy controls that let you cover your tracks more effectively.
• A streamlined browser window that lets you see more of the page than any other browser while at the same time being more configurable.
• A large variety of free downloadable extensions and themes that add specific functionality and visual changes to  the browser.

        Fixed Two security issue in Firefox 3.0.8

         MFSA 2009-13 Arbitrary code execution through XUL <tree> element
         MFSA 2009-12 XSL Transformation vulnerability

       Download Firefox 3.0.8