Firefox 3.5 has a vulnerability in the JavaScript compiler that can be exploited by an attacker to allow execution of arbitrary code. The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code.
To disable the vulnerable component, open up a new Firefox window and type “about:config” (without the quotes) in the browser’s address bar. In the “filter” box, type “jit” and you should see a setting called “javascript.options.jit.content”. You should notice that beside that setting it reads “true,” meaning the setting is enabled. If you just double-click on that setting, it should disable it, changing the option to “false.”
Alternatively, users can disable the JIT by running Firefox in Safe Mode. Windows users can do so by selecting Mozilla Firefox (Safe Mode) from the Mozilla Firefox folder.
http://www.kb.cert.org/vuls/id/443060 US-CERT Mozilla Firefox 3.5 TraceMonkey JavaScript engine uninitialized memory vulnerability
http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/ Critical JavaScript vulnerability in Firefox 3.5
