Firefox 3.5 : JS fault reported

[Dr J R Stockton]

In mozilla.feedback.firefox message <2LmdndZZLaFUHfrXnZ2dnUVZ_vmdnZ2d@mo
zilla.org>, Wed, 22 Jul 2009 16:12:41, Vlad <hendrix-no-replyatmozillado
torg@?.?.invalid> posted:

A critical memory corruption flaw in the Just-in-time JavaScript
compiler in Firefox could be exploited to take control of vulnerable
computers. The flaw affects Firefox 3.5,
...

Read it!

 

[Gabriel Gilini]

Is this, perhaps, why 3.5.1 shipped recently?

Yes, and this is old news, actually.

Here's the original exploit: http://milw0rm.org/exploits/9137

 

[Dr J R Stockton]

In comp.lang.javascript message <58-dnUys5qAPX_XXnZ2dnUVZ8hVi4p2d@bright

Is this, perhaps, why 3.5.1 shipped recently? And there was me,
thinking they'd done it just to fix my long startup delay.

I don't know. But if you read the links provided in the article (which
Turnpike easily shows!), you will see at mozilla "Update: This
vulnerability has been fixed in Firefox 3.5.1, released Thursday, July
16, 2009".

Q: does FF 3.5 about:config include places.frecency.* (sic) entries?