Language Selection

English French German Italian Portuguese Spanish

Mozilla offers temporary fix for Firefox flaw

Filed under
Moz/FF

Responding to the disclosure of a serious Web browser flaw, the Mozilla Foundation offered on Friday a temporary fix to protect Firefox and Mozilla users.

The downloadable fix protects against attacks that take advantage of a new, unpatched flaw that could let attackers secretly run malicious software on users' PCs. The flaw was disclosed late Thursday by security researcher Tom Ferris, sending Mozilla staff into damage-control mode.

"This is a temporary work-around just to deal with the immediate issue," Schroepfer said. "We're working on a future release in which we will actually fix the problem and re-enable the IDN feature." Switching off IDN support impacts a subset of Firefox and Mozilla users who actually use such special domain names, he said.
Though there is no known attack that takes advantage of the flaw, Mozilla advises Firefox and Mozilla users to disable IDN. "Luckily we do not have any known use of this exploit, but it is fairly critical if there were to be (an attack), so this is a recommended download," Schroepfer said.

In addition to the downloadable fix, Mozilla on its Web site also offers instructions to manually disable IDN: Type "about:config" in the address bar, hit Enter; type "network.enableIDN" in the filter toolbar, hit Enter; right-click the "network.enableIDN" item and select Toggle to change value to false.

Full Story.

More in Tux Machines

GNOME: Maps shaping up for 3.20

So, we're soon approaching the UI freeze for GNOME 3.20. It's looking quite good when it comes to OpenStreetMap editing in Maps (among other things). But first I thought I was going to show-case another improvement, namely the expanded place bubbles (show information about places you search for on the map). Read more

The Influence of Debian in Linux Open Source Community

The Linux community, and the technology world in general, were shocked by the news of Ian’s Murdock tragic death a couple of weeks ago – and rightfully so. Ian’s legacy and vision as the founder of the Debian project not only influenced many others who went on to start their own distributions, but also were the means to create a rock-solid operating system that many individuals and businesses of all sizes have used for more than 20 years. Read more EOL:

  • Debian 6 LTS reaches end-of-life on February 29 - it's time to upgrade
    The Debian Long Term Support team has announced that Debian 6 - a long term support release - will stop receiving updates on February 29, 2016. Debian 6 was first released on February 6, 2011, and saw ten point releases while it was supported by the main nucleus of the Debian community. Since July 19, 2014, maintenance of Debian 6 has been left to the Long Term Support team.
  • Debian GNU/Linux 6.0 LTS "Squeeze" to Reach End-of-Life on February 29, 2016
    Today, February 12, 2016, the Debian Project has announced that the long-term supported Debian GNU/Linux 6.0 (Squeeze) is about to reach end-of-life (EOL) in approximately two weeks, on February 29, 2016.

Fysbis: The Linux Backdoor Used by Russian Hackers

Fysbis (or Linux.BackDoor.Fysbis) is a new malware family that targets Linux machines, on which it sets up a backdoor that allows the malware's author to spy on victims and carry out further attacks. Read more

Faking Open, Debian Influence, Da Linux

Matt Asay today said that there is no money in Open Source software because the "open source companies" that get rich don't do it with Open Source software. The big story today must be the Russian government's plan to dump Windows for Linux. Debian 6.0 will reach its end-of-life at the end of the month and Tecmint.com recently looked at the influence Debian has had on the Linux community. A new website helps you decide what you can do for Fedora and I Love Free Software day approacheth. New openSUSE Board member Bryan Lunduke sees some problems in KDE Neonland and Swapnil Bhartiya shared his picks for best distros of 2016. Read more