IDN Forums - Internationalized Domain Names  
Home | idntools | Advertise on idnforums | Premium Membership

Go Back   IDN Forums - Internationalized Domain Names > IDN Development > Browser, Mobile & Software

Browser, Mobile & Software Discussion of IDNs & browsers such as Microsoft IE, mobile cell phones, or other software

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 8th April 2006, 10:35 PM
Veteran
 
Join Date: Feb 2006
Posts: 7,495
iTrader: (65)
Rep Power: 2664
blastfromthepast will become famous soon enoughblastfromthepast will become famous soon enoughblastfromthepast will become famous soon enoughblastfromthepast will become famous soon enoughblastfromthepast will become famous soon enoughblastfromthepast will become famous soon enoughblastfromthepast will become famous soon enoughblastfromthepast will become famous soon enoughblastfromthepast will become famous soon enough
Post Firefox workaround for IDN flaw posted

Mozilla offers workaround for Firefox flaw
InfoWorld staff, InfoWorld
02/04/2006 08:20:18

The Mozilla Foundation has released a workaround for a critical buffer overflow vulnerability in the Firefox browser that was first made public early Friday.

On Friday afternoon, Mozilla developers had posted a software patch and instructions for a workaround, both of which disable the buggy Firefox feature.

The vulnerability, which was reported to the Mozilla team earlier this week, concerns the International Domain Name (IDN) feature that Mozilla products use to process Web pages that do not use Latin Alphabet characters in their names.

Links pointing to a host with a long name composed entirely of dashes can be crafted so that Firefox will execute arbitrary code of an attacker's choosing, meaning that an attacker theoretically could use the flaw to take control of a user's machine.

No code that actually exploits this vulnerability has yet been seen, but all versions of Mozilla Firefox and the Mozilla Suite are affected, according to the Mozilla team.

"It's something we take seriously because it could be used for bad things," said Mike Schroepfer, director of engineering with the Mozilla Foundation.

Because both the patch and the workaround simply disable IDN, users who require the feature to visit international Web sites should stick to visiting Web sites they know and trust until the problem is actually repaired in the browser, Schroepfer said.

When that will happen remains unknown. "We're determining that now," he said.

http://www.pcworld.idg.com.au/index....96;fp;2;fpid;1

Last edited by blastfromthepast; 8th April 2006 at 11:05 PM..
Reply With Quote
  #2 (permalink)  
Old 8th April 2006, 10:39 PM
Veteran
 
Join Date: Sep 2005
Posts: 2,699
iTrader: (50)
Rep Power: 1234
gammascalper is on a distinguished roadgammascalper is on a distinguished roadgammascalper is on a distinguished roadgammascalper is on a distinguished roadgammascalper is on a distinguished roadgammascalper is on a distinguished road
Re: Firefox workaround for IDN flaw posted

Ugh
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 04:22 AM.

Site Sponsors
Your ad here
buy idns
domain name lawyer
buy t-shirt
מחיר הזהב

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.3.0
Copyright idnforums.com 2005

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54