Firefox 3.5 release came with a new JavaScript engine Tracemonkey for faster rendering of the JavaScript pages. But the release also has a critical vulnerability that lies in Just-in-time (JIT) JavaScript compiler. Mozilla is working on a fix to patch the vulnerability.
The security hole allows a hacker to execute malicious code on a user machine, if he can trick the user to open a webpage containing the exploit. Mozilla is working on a patch for the bug and it will be released in the next few days, meanwhile Mozilla blog advises Firefox 3.5 users to temporarily disable JIT compiler from the about:config menu.
Here is what you have to do to disable JIT. Enter about:config in the browser address bar, type jit in the Filter box at the top of the config editor. Double click the line containing javascript.options.jit.content, it will set the value to false.
Disabling JIT will result in decreased Javascript performance, Mozilla warns. This is a temporary fix, after receiving the security update you can re enable it by doing the above procedure once again.
This vulnerability only affects Firefox 3.5 users and it won’t effect Firefox 3.0 users.