Firefox 3.5.1 Released to Patch TraceMonkey Vulnerability

39
Article Source Ars Technica
July 19, 2009, 5:35 pm

Mozilla has announced the availability of Firefox 3.5.1, the first minor point release in the 3.5 series. The purpose of this release was largely to patch a critical security vulnerability that was found in the browser’s new TraceMonkey JavaScript engine.

In a report submitted to Mozilla’s bug tracking system on July 9, Firefox user “zbyte” described a bug that causes the browser to crash when text is typed into an input box in the site apport.ru. Firefox developers attempted to isolate the bug and produce a minimal test case that exhibits the crash. They determined that the apport.ru crasher was triggered by a certain usage of JavaScript’s “escape” function, which performs string encoding. The underlying problem, however, is a tracing bug.