Language Selection

English French German Italian Portuguese Spanish

Mozilla offers temporary fix for Firefox flaw

Filed under
Moz/FF

Responding to the disclosure of a serious Web browser flaw, the Mozilla Foundation offered on Friday a temporary fix to protect Firefox and Mozilla users.

The downloadable fix protects against attacks that take advantage of a new, unpatched flaw that could let attackers secretly run malicious software on users' PCs. The flaw was disclosed late Thursday by security researcher Tom Ferris, sending Mozilla staff into damage-control mode.

"This is a temporary work-around just to deal with the immediate issue," Schroepfer said. "We're working on a future release in which we will actually fix the problem and re-enable the IDN feature." Switching off IDN support impacts a subset of Firefox and Mozilla users who actually use such special domain names, he said.
Though there is no known attack that takes advantage of the flaw, Mozilla advises Firefox and Mozilla users to disable IDN. "Luckily we do not have any known use of this exploit, but it is fairly critical if there were to be (an attack), so this is a recommended download," Schroepfer said.

In addition to the downloadable fix, Mozilla on its Web site also offers instructions to manually disable IDN: Type "about:config" in the address bar, hit Enter; type "network.enableIDN" in the filter toolbar, hit Enter; right-click the "network.enableIDN" item and select Toggle to change value to false.

Full Story.

More in Tux Machines

New Video Series Teaches Kids About Linux

Growing up in rural Utah, brothers Jared and JR Neilsen spent their free time recording videos that starred a cast of homemade puppets. As adults they've reconvened to create their own web series,Hello World, which aims to teach kids about computer science. The latest segment in the series, “Superusers: The Legendary GNU/Linux Show,” is focused on teaching Linux fundamentals. Puppets Adelie the penguin and Aramis the gnu lead kids on operating system adventures to teach topics such as how to use commands, write basic shell scripts, and find a file or directory. “We wanted to do something creative and fun, merging the adventures of our youth with our current interests in computer science,” Jared Neilsen said, via email. “It's a pastiche of things we love: puppets, surreal British comedy, philosophy, music, superhero cartoons, and Linux, of course.” Read more

Google's Chrome Strategy Heads in New Directions, Draws Linux Comparisons

Google's Chrome browser and Chrome OS operating system are grabbing headlines this week for several reasons. As Susan reported here, Matt Hartley said recently, 'Anyone who believes Google isn't making a play for desktop users isn't paying attention.' Hartley favors putting Linux in front of a lot of potential Chrome OS users, and says "I consider ChromeOS to be a forked operating system that uses the Linux kernel under the hood." Read more

Alice is killing the trolls -- but expect patent lawyers to strike back

Open source software developers rejoice: Alice Corp. v CLS Bank is fast becoming a landmark decision for patent cases in the United States. The Court of Appeals for the Federal Circuit, which handles all appeals for patent cases in the United States, has often been criticized for its handling of these cases -- Techdirt describes it as "the rogue patent court, captured by the patent bar." But following the Alice decision, the Court of Appeals seems to have changed. Read more

How to Give your Smartphone the Android L Look

Android L is Google's latest mobile operating system. Apart from a complete UI overhaul, this version brings along a myriad of performance improvements. Compared to its competitor iOS 8, Android L outperforms the Apple mobile operating system in design and performance. Though there is no clear announcement as to when Android L will be reaching our devices, its Material Design has slowly started catching up among app developers. Furthermore, many apps have come up that let you completely change the Android smartphone’s user interface to match that of Android L. Although many of those apps are annoyingly hard to use, some of them make the job really simple. Below, we'll show you how to make the most out of such apps and then transform your phone’s UI to completely match the Android L look. Read more