Mozilla says the bug “could result in an exploitable memory corruption problem. In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. This could be exploited by an attacker to run arbitrary code such as installing malware.” The workaround that involved disabling the JIT compiler is no longer necessary in the latest version.
The bug discovery pushed 3.5.1 to be released ahead of schedule and the JIT compiler vulnerability is the only security issue resolved, but the latest version also includes some other bug fixes Mozilla developers were working on, like some stability problems and also an issue that made the browser have unusually long load times on some Windows machines.
Mozilla is urging all Firefox 3.5 users to upgrade and will also release 3.5.1 though its automated update system. All versions of Firefox 2 are no longer supported, have known vulnerabilities and should also be updated as soon as possible. Note that Google Gears 0.5.29.0, which brought compatibility with Firefox 3.5, is no longer working with 3.5.1.
“We strongly recommend that all Firefox 3.5 users upgrade to this latest release. If you already have Firefox 3.5, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting ‘Check for Updates…’ from the Help menu,” Browser Director Mike Beltzner writes in a blog post.
Firefox 3.5.1 for Windows can be downloaded here.
Firefox 3.5.1 for Linux can be downloaded here.
Firefox 3.5.1 for Mac OS X can be downloaded here.