September 10th, 2005, 01:31 PM
Mozilla offers temporary fix for Firefox flaw
Responding to the disclosure of a serious Web browser flaw, the Mozilla Foundation offered on Friday a temporary fix to protect Firefox and Mozilla users.
The downloadable fix protects against attacks that take advantage of a new, unpatched flaw that could let attackers secretly run malicious software on users' PCs. The flaw was disclosed late Thursday by security researcher Tom Ferris, sending Mozilla staff into damage-control mode.
The problem has to do with the way the Firefox and Mozilla browsers handle International Domain Names, or IDNs, said Mike Schroepfer, director of engineering at Mozilla. IDNs are domain names that use local language characters. The fix disables support for such Web addresses, he said.
Mozilla offers temporary fix for Firefox flaw | CNET News.com
CNET's download link didn't go anywhere for me so here's a link to the download just in case...
What Firefox and Mozilla users should know about the IDN buffer overflow security issue
September 10th, 2005, 03:54 PM
Thanks for the link. I liked the option to manually configure the workaround. It got me to dig some deeper into Firefox and improve my knowledge level that way.
"To estimate the time it takes to do a task, estimate the time you think it should take, multiply by two, and change the unit of measure to the next highest unit. Thus we allocate two days for a one-hour task." -- Westheimer's Rule
September 10th, 2005, 06:04 PM
BrainStop... everyone always says that open source is so great because you can just make the changes you want... so why don't you just fix the problem yourself and screw the workaround crap?