Jump to content

Mozilla Idn Buffer Overflow Security Hole


Recommended Posts

On September 6 a security vulnerability affecting all versions of Mozilla Firefox and the Mozilla Suite was reported to Mozilla by Tom Ferris and on September 8th was publicly disclosed.


On September 9, the Mozilla team released a configuration change which, as a temporary measure to work around this problem, disables IDN in the browser. IDN functionality will be restored in a future product update. The fix is either a manual configuration change or a small download which will make this configuration change for the user. Instructions on administering these changes can be found below.


Go here for instructions and downloads.


PS - When I went to the page and read the instructions, they seemed familiar. I went to the about:config page and the option they mention is already set to false... wasn't this the solution for a previous problem, also related to IDN?

Edited by borfast
Link to comment
Share on other sites

Yep, I knew this had been brought up before -> http://www.mozillazine.org/talkback.html?article=6038


In that thread, they talk about the IDN vulnerability, as well as the solution mentioned in the page I linked to above. :P


But now I wonder, why is this being brought up again if it had already been solved?... :|

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...