Highly Critical Firefox Vulnerability


Recommended Posts

WorldStart Message Boards - highly critical Firefox vulnerability

http://forum.worldstart.com/showthread.php?t=73077

Highly critical Firefox vulnerability

Secunia - Advisories - Firefox URL Domain Name Buffer Overflow

http://secunia.com/advisories/16764/

Instead of the Securia workaround of not browsing untrusted sites,

you could just disable IDN entirely by typing about:config into

the location bar and press enter, type IDN into the filter,

find this line:

network.enableIDN

right click the line and select toggle (to false), close and reopen Firefox.

-----------------------------------

This tests whether you're vulnerable or not (don't click it if you haven't disabled IDN!):

http://www.security-protocols.com/firefox-death.html

If it loads a blank page, you're safe. If it crashes Firefox (Mozilla or Netscape), you're not safe.

------------------------------------------------

More info here

Highly Critical Vulnerability Reported by Secunia - MozillaZine Forums

Edited by flatiron__2
Link to post
Share on other sites

I did the download patch method posted in Software Updates posted by chachazz and it works. I got the blank page... :D It shows up(no IDN) in Help and About Mozilla Firefox after the patch is downloaded and a Firefox restart.

Thanks for the warning and heads up thread flatiron, very much appreciated.. :thumbsup:

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...