Bugs are a fact of life in the technology world, and the Open Source community is no exception. What is exceptional, however, is the open way these vulnerabilities are handled, as the developers behind Mozilla's Firefox browser have aptly demonstrated.
One element of the acclaimed performance booster is giving its developers something of a headache this week, however. The first zero-day exploit for Firefox 3.5 was revealed publicly on Monday, in the form of a vulnerability in the browser's Just-in-time compiler. Unlike older methods of execution, which interpret the bytecode created from the browser's source code, a Just-in-time compiler transforms the bytecode into native machine code just before executing it, resulting in significant performance improvements. Attackers can utilize the vulnerability to execute malicious code on the user's system by luring them to a website containing the exploit code.
A patch for the exploit has yet to be released, though Firefox developers are on the case. Mozilla has indicated that once developers have prepared and tested the patch, it will be pushed out to users via the normal update channels. Linux users may wish to make special note of the update — because it was released so recently, users are likely to have installed Firefox 3.5 manually rather than via their distribution's repositories, and thus may not receive updates in the manner they are accustomed to.
Developers stress that this is only a temporary fix, and as it will result in significantly decreased browser performance, should be returned to its original setting as soon as the patch is installed. Users uncomfortable with altering about:config settings can achieve the same result by running the browser in Safe Mode, though this will result in additional components being disabled.
Justin Ryan is a Contributing Editor for Linux Journal.
|ContainerCon Vendors Offer Flexible Solutions for Managing All Your New Micro-VMs||Aug 24, 2016|
|Updates from LinuxCon and ContainerCon, Toronto, August 2016||Aug 23, 2016|
|NVMe over Fabrics Support Coming to the Linux 4.8 Kernel||Aug 22, 2016|
|What I Wish I’d Known When I Was an Embedded Linux Newbie||Aug 18, 2016|
|Pandas||Aug 17, 2016|
|Juniper Systems' Geode||Aug 16, 2016|
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Updates from LinuxCon and ContainerCon, Toronto, August 2016
- What I Wish I’d Known When I Was an Embedded Linux Newbie
- ContainerCon Vendors Offer Flexible Solutions for Managing All Your New Micro-VMs
- NVMe over Fabrics Support Coming to the Linux 4.8 Kernel
- New Version of GParted
- All about printf
- Tor 0.2.8.6 Is Released
- Blender for Visual Effects
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide