A few days ago, Mozilla announced the free Firefox 3.5.1 update. The free download is available via Firefox itself (under HELP -> Check for Updates submenu) or the Mozilla Firefox website. This update addresses a critical vulnerability found in Firefox 3.5 – the MFSA 2009-41 described as “Corrupt JIT state after deep return from native function”.
As per documentation, Firefox 3.5.1 has fixed “a crash that we determined could result in an exploitable memory corruption problem. In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. This could be exploited by an attacker to run arbitrary code such as installing malware.”
The above-stated claim is true as we can personally attest to the security hole in Firefox 3.5 (and perhaps in previous versions of MFF which has only received attention in the new Mozilla Firefox 3.5.1) strengthening the results of one study that Firefox is the Most Vulnerable Software of 2008. See previous post on this subject.
Further, the Firefox 3.5.1 file size is 7.7MB (see screnshot above) and will take about 5 minutes to download at 33.6Kbps/sec DL speed.