Language Selection

English French German Italian Portuguese Spanish

Mozilla offers temporary fix for Firefox flaw

Filed under
Moz/FF

Responding to the disclosure of a serious Web browser flaw, the Mozilla Foundation offered on Friday a temporary fix to protect Firefox and Mozilla users.

The downloadable fix protects against attacks that take advantage of a new, unpatched flaw that could let attackers secretly run malicious software on users' PCs. The flaw was disclosed late Thursday by security researcher Tom Ferris, sending Mozilla staff into damage-control mode.

"This is a temporary work-around just to deal with the immediate issue," Schroepfer said. "We're working on a future release in which we will actually fix the problem and re-enable the IDN feature." Switching off IDN support impacts a subset of Firefox and Mozilla users who actually use such special domain names, he said.
Though there is no known attack that takes advantage of the flaw, Mozilla advises Firefox and Mozilla users to disable IDN. "Luckily we do not have any known use of this exploit, but it is fairly critical if there were to be (an attack), so this is a recommended download," Schroepfer said.

In addition to the downloadable fix, Mozilla on its Web site also offers instructions to manually disable IDN: Type "about:config" in the address bar, hit Enter; type "network.enableIDN" in the filter toolbar, hit Enter; right-click the "network.enableIDN" item and select Toggle to change value to false.

Full Story.

More in Tux Machines

DebEX Barebone Is the First Debian 8 Jessie Live CD with Xfce 4.12

Arne Exton had the pleasure of informing Softpedia earlier today, March 29, about the immediate availability for download of a new build (150329) of his DebEX Barebone computer operating system derived from the upcoming Debian GNU/Linux 8 Jessie distribution and built around the recently released Xfce 4.12 desktop environment. Read more

Linus Torvalds Announces Linux Kernel 4.0 RC6, Final Version to Be Released Soon

Linus Torvalds had the pleasure of announcing today, March 29, the immediate availability for download and testing of the sixth Release Candidate (RC) version of forthcoming Linux 4.0 kernel. Apparently, some important bugs have been squashed, which means that the final Linux kernel 4.0 will be released sooner than expected. Read more

Mesa's Android Support Is Currently In Bad Shape

While Mesa is talked about as being able to be built for Google's Android operating system to run these open-source graphics drivers on Android devices with OpenGL ES support, in reality there's a lot left to be desired. Over the years there's been a handful of developers working on Android Mesa support to let the popular open-source graphics drivers run over there -- from the Intel driver now that they're using HD Graphics within their low-power SoCs (rather than PowerVR), AMD has made a few steps toward Android netbook/laptop devices with Radeon graphics, and we're starting to see Gallium3D drivers for Qualcomm Adreno (Freedreno) and the Raspberry Pi (VC4) where there's interest from Android users. This year as part of Google Summer of Code we also might see a student focused on Freedreno Android support. Read more

India doubles down on use of Open Source software

Government of India shall endeavour to adopt Open Source Software in all e-Governance systems implemented by various Government organizations, as a preferred option in comparison to Closed Source Software," said the policy statement, put on the website of the Department of Electronics and Information Technology. Read more