Language Selection

English French German Italian Portuguese Spanish

Mozilla offers temporary fix for Firefox flaw

Filed under
Moz/FF

Responding to the disclosure of a serious Web browser flaw, the Mozilla Foundation offered on Friday a temporary fix to protect Firefox and Mozilla users.

The downloadable fix protects against attacks that take advantage of a new, unpatched flaw that could let attackers secretly run malicious software on users' PCs. The flaw was disclosed late Thursday by security researcher Tom Ferris, sending Mozilla staff into damage-control mode.

"This is a temporary work-around just to deal with the immediate issue," Schroepfer said. "We're working on a future release in which we will actually fix the problem and re-enable the IDN feature." Switching off IDN support impacts a subset of Firefox and Mozilla users who actually use such special domain names, he said.
Though there is no known attack that takes advantage of the flaw, Mozilla advises Firefox and Mozilla users to disable IDN. "Luckily we do not have any known use of this exploit, but it is fairly critical if there were to be (an attack), so this is a recommended download," Schroepfer said.

In addition to the downloadable fix, Mozilla on its Web site also offers instructions to manually disable IDN: Type "about:config" in the address bar, hit Enter; type "network.enableIDN" in the filter toolbar, hit Enter; right-click the "network.enableIDN" item and select Toggle to change value to false.

Full Story.

More in Tux Machines

Open-Source Driver Fans Will Love NVIDIA's New OpenGL Demo

Those with a bit of humor will love the demo NVIDIA recently used for showing off their Nouveau-based open-source graphics driver stack on the Tegra K1 SoC. Last month at FOSDEM was a presentation on the Nouveau Tegra K1 driver stack by Alexandre Courbot of NVIDIA. In there NVIDIA talked about their great experience working on this open-source driver and engagement with the Nouveau community, which will continue for future Tegra SoCs. That aforelinked article covered all of the important details of that presentation. Read more

GNOME Builder Makes It Easier for Developers to Create Apps for GNOME 3.16

On March 26, we announced the release of the GNOME 3.16 desktop environment, and we unveiled its awesome features, including updated and new applications. However, we completely missed one app: GNOME Builder, a powerful IDE (Integrated Development Environment) for GNOME. Read more

User-friendly virtual hosting with TurnKey Linux

Suppose you’re a developer and want to experiment with Drupal 7.7 or WordPress. Maybe you're a K-12 teacher or university professor and want to teach your students Moodle administration or how to create some network-attached storage. You could download a tarball from Drupal.com or WordPress.org and configure on your own desktop or laptop, but then you would also need to configure Apache and MySQL too. All of these operations take effort and know-how that you may or may not have time for. Read more

Late Week in Techrights