Mozilla Fix for Firefox and Mozilla IDN Buffer Overflow Security Issue

September 13th 2005 | General

On September 6, a security vulnerability affecting all versions of Mozilla Firefox and the Mozilla Suite was reported to Mozilla by Tom Ferris, and on September 8th it was publicly disclosed.

On September 9, the Mozilla team released a configuration change which, as a temporary measure to work around this problem, disables IDN in the browser. IDN functionality will be restored in a future product update. The fix is either a manual configuration change or a small download which will make this configuration change for the user. Instructions on administering these changes can be found below.

How to update
There are two methods for resolving this problem. The first method is to install a small download and the second method is to manually change the browser configuration. You only need to do one of the two.

Installing the Patch
* To install the security patch for Firefox or the Mozilla Suite, follow these instructions:
1. Firefox and Mozilla Suite users click this link:
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.6/patches/307259.xpi
2. In the Software Installation window, click the "Install Now" button.
3. Exit and restart your Mozilla or Firefox browser.
* To verify the fix in Firefox and the Mozilla Suite, be sure to restart the browser and then follow these steps:
1. In Firefox, click Help -> About Mozilla Firefox and verify that the user agent string contains "(noIDN)".
2. In the Mozilla Suite, click Help -> About Mozilla and verify that the user agent string contains "(noIDN)".

Manually Configuring the Browser
* To manually change the browser configuration for Firefox or the Mozilla Suite, follow these instructions:
1. Type about:config into the address field and hit Enter.
2. In the Filter toolbar, type network.enableIDN.
3. Right-click the network.enableIDN item and select Toggle to change its value to false.
* To verify the fix in your Firefox or Mozilla application, be sure to restart the browser and then follow these steps.
1. Type about:config into the address field and hit Enter.
2. In the Filter toolbar, type network.enableIDN.
3. Ensure that the value for this item is set to false.
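
For administrators who need to confirm the manual setting without opening about:config on each machine, here is an added example (not Mozilla's code, and not part of the original announcement) that checks the text of a profile's preference files for network.enableIDN. It assumes the profile stores preferences as user_pref("name", value); lines in prefs.js, that an optional user.js is applied after prefs.js, and that a missing entry means IDN is still at its enabled default; the function names and sample contents are constructed for illustration.

```python
import re

# Matches an active line such as: user_pref("network.enableIDN", false);
# Lines commented out with // or # do not match because of the ^ anchor.
PREF_RE = re.compile(
    r'^\s*(?:user_)?pref\(\s*"network\.enableIDN"\s*,\s*(true|false)\s*\)\s*;',
    re.MULTILINE,
)

def idn_setting(text):
    """Return the last network.enableIDN value set in one file, or None."""
    values = PREF_RE.findall(text)
    return (values[-1] == "true") if values else None

def idn_disabled(prefs_js, user_js=""):
    """True only when the effective value of network.enableIDN is false.

    ASSUMPTION: user.js is read after prefs.js, so it wins when it sets the
    pref, and an absent pref means the built-in default (IDN enabled).
    """
    effective = None
    for text in (prefs_js, user_js):
        value = idn_setting(text)
        if value is not None:
            effective = value
    return effective is False

# Constructed sample file contents, not taken from a real profile.
PATCHED = (
    '# Mozilla User Preferences\n'
    'user_pref("browser.startup.homepage", "about:blank");\n'
    'user_pref("network.enableIDN", false);\n'
)
UNPATCHED = 'user_pref("browser.startup.homepage", "about:blank");\n'
COMMENTED = '// user_pref("network.enableIDN", false);\n'
REENABLED_USER_JS = 'user_pref("network.enableIDN", true);\n'

if __name__ == "__main__":
    print("patched profile:", idn_disabled(PATCHED))
    print("unpatched profile:", idn_disabled(UNPATCHED))
    print("commented-out line:", idn_disabled(COMMENTED))
    print("user.js re-enables IDN:", idn_disabled(PATCHED, REENABLED_USER_JS))
```

The user.js case matters because a profile can show false in prefs.js and still start with IDN enabled if user.js sets it back to true.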

Mozilla
