Patch & Workaround for Firefox Flaw Available

← Back to Stories (view on slashdot.org)

Patch & Workaround for Firefox Flaw Available

Posted by Zonk on Saturday September 10, 2005 @06:15AM from the plugging-the-holes dept.

mcc writes "Yesterday Slashdot reported on a Firefox vulnerability which could allow remote code execution. Today Firefox has a patch and a configuration workaround, both of which immunize against the bug. If you are using Firefox you should immediately go to the URL 'about:config', type 'network.enableIDN' into the box, and verify that 'network.enableIDN' is set to 'false'." Update: 09/10 18:59 GMT by Z : Removed wayward colon.

13 of 235 comments (clear)

Re:Secure Web Browser by ari_j · 2005-09-10 06:21 · Score: 2, Funny

lynx
What are you talking about? by carguy84 · 2005-09-10 06:22 · Score: 1, Funny

Firefox is totally secure, just like Linux is. Only MSFT is not secure, don't you read this website???
Re:IDN? by ScrewMaster · 2005-09-10 06:24 · Score: 3, Funny

Integrated Digital Network without the Services. I think it's referring to MSN.

--
The higher the technology, the sharper that two-edged sword.
Re:Power of Propaganda by DCstewieG · 2005-09-10 06:43 · Score: 2, Funny

Nature doesn't operate on 100% uptime, only 99.9%.

Really? I must have missed the time nature went down. What was that like?
Re:Here's a question... by Professor_UNIX · 2005-09-10 06:51 · Score: 4, Funny

Turning IDN off in Firefox is mighty a stupid solution. Stupid on a planetary scale. A problem should be fixed, not circumvented by removing the functionality.
I disagree. I would wager at least 98% of Firefox users do not need IDN functionality at all. The only thing it's really used for in reality are phishing sites. Unless you regularly interact with foreigners who refuse to conform to the proper ASCII character set in their domain names you shouldn't notice any difference in your browsing at all. When Jesus established the original RFC for domain names he used sensible restrictions, but now with this new IDN garbage we have people using characters that don't even make sense or appear on our keyboards! What villainy is this?
Re:Secure Web Browser by Mr.+Underbridge · 2005-09-10 06:54 · Score: 2, Funny

Mac and Safari and or Firefox on Mac.
Firefox on the Mac is about as stable as a schizophrenic off their lithium.
Re:Secure Web Browser by An+Onerous+Coward · 2005-09-10 06:56 · Score: 2, Funny

Nyuh-uh. Lynx still does "rendering", which means it's actually interpreting the information being sent to it. That means there is still a risk of it being sent a piece of data that exploits a vulnerability.

I was going to argue that the only safe thing to do would be to use wget and interpret the web pages in your head. But the last guy who took that advice got 'sploited anyways. He's in the hospital with his brain stuck in an infinite loop.

--
You want the truthiness? You can't handle the truthiness!
Re:Here's a question... by Professor_UNIX · 2005-09-10 06:57 · Score: 4, Funny

Woops, I meant Jon.. Jon Postel. Common mistake.
But, but, but by heinousjay · 2005-09-10 07:04 · Score: 5, Funny

Removed wayward colon.

Ewwwwwww.

--
Slashdot - where whining about luck is the new way to make the world you want.
Re:Power of Propaganda by i_ate_god · 2005-09-10 07:15 · Score: 2, Funny

I dunno, I went down with it.

--
I'm god, but it's a bit of a drag really...
Ouch. by x136 · 2005-09-10 07:24 · Score: 5, Funny

Update: 09/10 18:59 GMT by Z : Removed wayward colon.
That sounds exceedingly painful.

--
SIGFEH
Comment removed by account_deleted · 2005-09-10 08:26 · Score: 2, Funny

Comment removed based on user account deletion
Re:Secure Web Browser by bcmm · 2005-09-10 08:41 · Score: 2, Funny

Telnet

--
# cat /dev/mem | strings | grep -i llama
Damn, my RAM is full of llamas.