Language Selection

English French German Italian Portuguese Spanish

Mozilla offers temporary fix for Firefox flaw

Filed under
Moz/FF

Responding to the disclosure of a serious Web browser flaw, the Mozilla Foundation offered on Friday a temporary fix to protect Firefox and Mozilla users.

The downloadable fix protects against attacks that take advantage of a new, unpatched flaw that could let attackers secretly run malicious software on users' PCs. The flaw was disclosed late Thursday by security researcher Tom Ferris, sending Mozilla staff into damage-control mode.

"This is a temporary work-around just to deal with the immediate issue," Schroepfer said. "We're working on a future release in which we will actually fix the problem and re-enable the IDN feature." Switching off IDN support impacts a subset of Firefox and Mozilla users who actually use such special domain names, he said.
Though there is no known attack that takes advantage of the flaw, Mozilla advises Firefox and Mozilla users to disable IDN. "Luckily we do not have any known use of this exploit, but it is fairly critical if there were to be (an attack), so this is a recommended download," Schroepfer said.

In addition to the downloadable fix, Mozilla on its Web site also offers instructions to manually disable IDN: Type "about:config" in the address bar, hit Enter; type "network.enableIDN" in the filter toolbar, hit Enter; right-click the "network.enableIDN" item and select Toggle to change value to false.

Full Story.

More in Tux Machines

Red Hat News

Samsung Z4 gets WiFi Certified with Tizen 3.0 onboard, Launching soon

Today, the next Tizen smartphone, which should be the named the Samsung Z4, has received its WiFi certification (certification ID: WFA70348) – Model number SM-Z400F/DS with firmware Z400F.001 on the 2.4Ghz band. WiFi certification is usually one of the last steps before a mobile device gets released and means a launch is coming real soon as we have already seen the Z4 make its debut appearance at the FCC. For the previous model, the Samsung Z2, we saw it get WIFi certified on 7 July and then launched on 23 August, a mere 6 weeks. Read more

Linux 4.10.6

I'm announcing the release of the 4.10.6 kernel. All users of the 4.10 kernel series must upgrade. The updated 4.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.10.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-st... Read more Also: Linux 4.9.18 Linux 4.4.57

Kernel Space: Linux, Graphics

  • Mux Controller Subsystem Proposed For Linux 4.12
    A new subsystem has been proposed for staging in the Linux 4.12 kernel. Peter Rosin has requested Greg KH pull in the mux controller subsystem for the Linux 4.12 kernel. He explained of this new subsystem, "This adds a new mux controller subsystem with an interface for accessing mux controllers, along with two drivers providing the interface (gpio and adg792) and two consumers (iio and i2c). This is done in such a way that several consumers can independently access the same mux controller if one controller controls several multiplexers, thus allowing sharing."
  • Marek Looking To Tackle Large RadeonSI Performance Bottleneck
    Prolific Mesa developer Marek Olšák is looking to tackle what he thinks is the "biggest performance bottleneck at the moment" for the RadeonSI Gallium3D driver.
  • Shader Variants Support For Etnaviv Gallium3D