There is a critical JavaScript vulnerability in the Firefox 3.5 Web browser, Mozilla has warned.

The zero-day flaw lies in Firefox 3.5's Just-in-time (JIT) JavaScript compiler. Proof-of-concept code to exploit the vulnerability has been posted online by a security research group, Mozilla said in a post on its security blog on Wednesday. Security company Secunia rated the vulnerability as "highly critical" on Wednesday.

The hole could allow a hacker to launch a "drive-by" attack, according to Mozilla. That means an attacker may be able to execute malicious code on a target machine, if the victim visits a Web site containing an exploit.

No patch is currently available, but Mozilla developers are working on a fix. A workaround suggested in the blog post is to disable the Firefox 3.5 JIT compiler. However, Mozilla warned this would result in decreased JavaScript performance in Firefox.

The JIT compiler is part of TraceMonkey, which was added to Firefox for its 3.5 update released at the end of June. TraceMonkey is meant to optimise the browser, which is faster than previous iterations of Firefox, according to Mozilla.

On Wednesday, the United States Computer Emergency Response Team said users and administrators should completely disable JavaScript functionality in Firefox 3.5.

The Sans Institute also said people could disable JavaScript, and suggested using NoScript, an open-source Firefox plug-in that only allows script to be executed by trusted Web sites.

These "net-zero energy homes" will combine on-site power generation through solar panels or wind turbines with energy-efficient appliances and on-site storage. Consumers will get detailed energy data and potentially control appliances with Home Energy Manager, a device that is expected to cost between $200 and $250, according to GE executives at a smart grid media day.

GE is piloting the in-home products this year and expects to have the appliances and energy display available next year. The premium for the more efficient, networked appliances will be about $10 more, GE executives said.

Kevin Nolan, vice president of technology at GE's Consumer & Industrial unit, shows off GE's demand response appliances and Home Energy Manager at GE's smart grid symposium at its Global Research Center in upstate New York.

(Credit: General Electric)

Studies show that when consumers have more detailed information on their energy use, they can find ways to reduce consumption by 5 to 10 percent. When utilities have variable, or time-of-use, pricing, consumers could cut electricity use by 15 percent at on-peak times, typically in the morning and early evening.

GE appliances have been converted to have electronic controls and will have a small module in the back that will allow it to communicate with a home's smart meter. With that communication link in place, consumers can find out how much electricity individual appliances use and program them to take advantage of off-peak rates.

"I don't think any of us look forward to the day when we are monitoring hour to hour the cost of electricity. But I think all of us look forward to the day when we can set it and forget it," said Bob Gilligan, GE's vice president of transmission and distribution. "That's the future we look forward to."

For example, a consumer can set up the system so that the temperature in a water heater or thermostat can drop down to a certain level when nobody is at home.

Consumers can turn off features that will enable appliances to communicate with utilities to participate in utility-run demand-response programs, where a utility can adjust thermostats or appliances to shave peak-time consumption, according to Michael Beyerle, a marketing manager at GE's Consumer & Industrial appliance division.

Consumer incentive strong?
The idea behind the smart grid, which encompasses a range of technologies, is to make the electricity grid more efficient and reliable by applying information technologies and controls to the existing grid.

In addition to networked appliances, GE's Net Zero Home Project calls for on-site power generation through solar panels or wind turbines. GE produces solar panels and has invested in residential wind turbine maker Southwest Windpower. A 3,000-watt solar panel array, which costs roughly $30,000 to install, would be enough to supply all of a home's consumption, according to GE executives.

The major components of a net-zero energy home as part of its Net Zero Energy Home project.

(Credit: General Electric)

Plug-in electric vehicles and home batteries could be used to store electricity for peak-time power or back-up. Plug-in vehicles could also be charged during the middle of the night to take advantage of off-peak rates.

GE's Home Energy Manager control unit, which consumers access through a dedicated display, provides information to consumers but also is designed to optimize one-site energy generation and consumption.

For example, the control unit could evaluate electricity rates and see that running a dishwasher when the solar panels are producing is cheaper than running the load at off-peak times, explained Beyerle. Or a clothes drier can go into "conservation" mode during peak times where it will operate at a lower temperature and take longer to run.

During the media day, GE hosted a panel on challenges to the smart grid with Mark Brian, a consumer using a suite of GE appliances at his home in Louisville, Ky.

He found that his monthly electricity consumption has gone down by 20 percent compared to last year, although his bills have gone down only a few dollars per month because his home is still consuming much electricity at peak times. However, he said the system has given him ideas on how to take advantage of cheaper rates. "We still do the same stuff. We just do it at different times," Brian said.

GE executives said that the information-management tools need to be very easy to use. Also, policies need to be in place to address data privacy and to create financial incentives, namely variable pricing.

"There's a lot consumers are willing to do if they are properly informed and properly incented," said Gilligan.