Just 48 hours after the release of exploit code targeting a zero-day vulnerability in Firefox 3.5, Mozilla’s security response team has rushed out a patch to protect users from code execution attacks.
With Firefox 3.5.1, rated a “critical” update, the open-source group corrects a browser crash that could result in an exploitable memory corruption problem.
In certain cases after a return from a native function, such as
escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. This could be exploited by an attacker to run arbitrary code such as installing malware.
This vulnerability does not affect earlier versions of Firefox which do not support the JIT feature.
Separately, a new version of Google Chrome was released to patch a pair of security flaws that could allow malicious code execution if a Chrome user simply surfs to a booby-trapped Web page.
The skinny from Google:
The second vulnerability could allow a compromised renderer (tab) process to cause the browser process to allocate very large memory buffers.
This error could cause the browser process (and all tabs) to crash or possibly allow arbitrary code execution with the privileges of the logged on user. To exploit this vulnerability, an attacker would need to be able to run arbitrary code inside the renderer process.