Slashdot Mirror


Patch & Workaround for Firefox Flaw Available

mcc writes "Yesterday Slashdot reported on a Firefox vulnerability which could allow remote code execution. Today Firefox has a patch and a configuration workaround, both of which immunize against the bug. If you are using Firefox you should immediately go to the URL 'about:config', type 'network.enableIDN' into the box, and verify that 'network.enableIDN' is set to 'false'." Update: 09/10 18:59 GMT by Z : Removed wayward colon.
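Added example, not part of the original story or of Firefox itself: a small Python audit that reports whether 'network.enableIDN' is still enabled in each profile, for admins who need to confirm the workaround on many machines. It assumes the pref defaults to enabled on affected builds and that `root` is a directory of profile folders each holding a `prefs.js` (and optionally a `user.js`, which is applied over `prefs.js` at startup); the function names are hypothetical.

```python
import re
from pathlib import Path

PREF = "network.enableIDN"
# Assumption: affected builds have the pref enabled unless a profile overrides it.
ASSUMED_DEFAULT = True

# Matches boolean prefs only; lines commented out with // do not match.
_PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(true|false)\s*\)\s*;', re.MULTILINE)

def read_bool_pref(text, name=PREF):
    """Return the last boolean value set for `name` in a prefs file, or None."""
    value = None
    for key, raw in _PREF_RE.findall(text):
        if key == name:
            value = (raw == "true")  # a later line overrides an earlier one
    return value

def effective_idn(prefs_js="", user_js=""):
    """Resolve the effective setting: user.js wins over prefs.js, then the default."""
    for text in (user_js, prefs_js):
        value = read_bool_pref(text)
        if value is not None:
            return value
    return ASSUMED_DEFAULT

def audit_profiles(root):
    """Map each profile folder under `root` to True if IDN is still enabled."""
    results = {}
    for prefs in sorted(Path(root).glob("*/prefs.js")):
        user = prefs.with_name("user.js")
        results[prefs.parent.name] = effective_idn(
            prefs.read_text(errors="replace"),
            user.read_text(errors="replace") if user.exists() else "")
    return results

if __name__ == "__main__":
    # Constructed sample file contents, not taken from a real profile.
    unpatched = 'user_pref("browser.startup.homepage", "about:blank");\n'
    worked_around = unpatched + 'user_pref("network.enableIDN", false);\n'
    print("unpatched profile, IDN enabled:", effective_idn(unpatched))
    print("workaround applied, IDN enabled:", effective_idn(worked_around))
```

A profile that reports True has neither file setting the pref to false, so the workaround has not been applied there.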

3 of 235 comments

  1. Secure Web Browser by joelparker · Score: 4, Interesting

    With two significant security flaws discovered so far in Firefox (and many in IE) what should a high-security company do for a secure web browser?

    1. Re:Secure Web Browser by justsomebody · Score: 4, Interesting

      Well, first thing a high-security company should do is localize machines with internet access and separate them from the rest that need to be secure. It worked out for me when I received a job that demanded this task.

      We just separated vital and non-vital computers in two groups with one computer serving as bridge when data needed to be transferred from one network to another. This was one and only node in network visible to all with minimized and highly tracked in-house services for transferring the data.

      Second thing on the secure part is absolute disabling of any kind of install and taking out every removable device.

      But,... there is no better security than being unplugged. So, best answer to your question "which browser?" is NO BROWSER

      --
      Signature Pro version 1.13.2-3 release 83.5 beta3try7 after-breakfast edition
  2. Re:That was FAST. by cnettel · Score: 4, Interesting
    It will just be sad for those users relying on IDN. That may not be U.S. users, but it WILL disturb some Swedish sites, and I assume it's far worse for Japanese and Chinese users, for example. There may be other, older, domain name schemes for those users still used that I'm not aware of, though, but IDN has been seen as the way forward for quite some time.

    It's not a patch any more than turning off JavaScript is a patch for several IE vulnerabilities. It might be argued that this workaround does less in the area of destroying the "experience" for normal surfers, but as I noted, I think that depends much on your nationality/language.