Mozilla's Firefox 3.5.1 Addresses TraceMonkey Flaw

Dennis Faas's picture

Mozilla has released the first minor point release in its Firefox 3.5 series, Firefox 3.5.1. The reason? To fix a critical security flaw within the browser's TraceMonkey JavaScript engine.

Rest assured, TraceMonkey itself, despite the suspicious name, is not a new Conficker virus or something of the sort. On the contrary, TraceMoney is a tool created by Mozilla that improves the JavaScript web browser performance through something called a just-in-time, or JIT compilation engine. Simply put, JIT compiles code earlier and improves the performance of the Mozilla web browser.

Mozilla Tracing Problem Since July 9th

Unfortunately, Mozilla has been facing issues with the TaceMonkey engine for about a week and a half.

Back on July 9th, the company received a complaint about Firefox from user known as 'zbyte,' who identified a bug capable of forcing the browser to crash after text is entered into an input box. The project for Firefox developers was to try and isolate the problem in order to better understand the issue -- in the end (and without getting into too much technical detail), the developers discovered the crash was the result of string code handling.

Update ASAP, Firefox Execs Plead

Since it was first reported, Mozilla investigators found that the bug could be exploited for nefarious purposes. According to security researcher Simon Berry-Byrne, a malicious web page could use the TraceMonkey hole to execute arbitrary code. (Source:

It's believed that the Firefox 3.5.1 update solves the initial TraceMonkey flaw, but in launching further tests Mozilla researchers have actually discovered another flaw. Luckily, early reports suggest it is not exploitable.

Firefox browser director Mike Beltzner is encouraging users to update to version 3.5.1 as soon as possible. (Source: If you use Firefox as your web browser, click Help -> Check for Updates to update your browser. If you are upgrading from version 3.0x to version 3.5, ensure you run Help -> Check for Updates again to update to version 3.5.1.

Rate this article: 
No votes yet