Language Selection

English French German Italian Portuguese Spanish

Mozilla offers temporary fix for Firefox flaw

Filed under
Moz/FF

Responding to the disclosure of a serious Web browser flaw, the Mozilla Foundation offered on Friday a temporary fix to protect Firefox and Mozilla users.

The downloadable fix protects against attacks that take advantage of a new, unpatched flaw that could let attackers secretly run malicious software on users' PCs. The flaw was disclosed late Thursday by security researcher Tom Ferris, sending Mozilla staff into damage-control mode.

"This is a temporary work-around just to deal with the immediate issue," Schroepfer said. "We're working on a future release in which we will actually fix the problem and re-enable the IDN feature." Switching off IDN support impacts a subset of Firefox and Mozilla users who actually use such special domain names, he said.
Though there is no known attack that takes advantage of the flaw, Mozilla advises Firefox and Mozilla users to disable IDN. "Luckily we do not have any known use of this exploit, but it is fairly critical if there were to be (an attack), so this is a recommended download," Schroepfer said.

In addition to the downloadable fix, Mozilla on its Web site also offers instructions to manually disable IDN: Type "about:config" in the address bar, hit Enter; type "network.enableIDN" in the filter toolbar, hit Enter; right-click the "network.enableIDN" item and select Toggle to change value to false.

Full Story.

More in Tux Machines

A Seat at the Big Kids’ Table at Ohio LinuxFest

Ohio LinuxFest isn’t just another excuse to travel. It’s a means for us to fulfill ourselves, and to get honest, tangible feedback for what we do and for what others are doing. It’s a place where ideas are sounded, bent, crumpled and turned until they either come out of the crucible perfect…or useless. That’s what our gatherings are about. They are about excitement and promise. They​ are about making sure the next generation has a real chance to put the first human footprint on Mars. They are a chance to insure they have the tools and the curiosity to take something apart and then make it better. This next generation will cure diabetes; they will make cancer an inconvenience and not a death sentence. Read more

OpenStack Juno is out, Debian (and Ubuntu Trusty ports) packages ready

This is just a quick announce: Debian packages for Juno are out. In fact, they were ready the day of the release, on the 16th of October. I uploaded it all (to Experimental) the same day, literally a few hours after the final released was git tagged. But I had no time to announce it. This week-end, I took the time to do an Ubuntu Trusty port, which I also publish (it’s just a mater of rebuilding all, and it should work out of the box). Here are the backports repositories. For Wheezy: deb http://archive.gplhost.com/debian juno-backports main deb http://archive.gplhost.com/debian juno main For trusty: deb http://archive.gplhost.com/debian trusty-juno-backports main Read more

Video: Systemd the Core OS (no coughing)

There has been so much negative stuff about systemd on teh Interwebs lately. It is so sad. Quite a few distros picked systemd because they liked a lot of the features it has. Why do the people who like systemd actually like it? Sure, if you look hard enough, you can find those answers... but I remembered a video where the man himself explains it. Read more

GParted 0.20 Improves Btrfs Support

GParted 0.20.0 is out today with a release that primarily improves Btrfs support. The improved Btrfs support comes via now handling support for resizing Btrfs file-systems that span multiple devices. GParted 0.20 also has GRUB2 restoration steps added to the help manual plus various translation updates. Read more