Language Selection

English French German Italian Portuguese Spanish

Mozilla offers temporary fix for Firefox flaw

Filed under
Moz/FF

Responding to the disclosure of a serious Web browser flaw, the Mozilla Foundation offered on Friday a temporary fix to protect Firefox and Mozilla users.

The downloadable fix protects against attacks that take advantage of a new, unpatched flaw that could let attackers secretly run malicious software on users' PCs. The flaw was disclosed late Thursday by security researcher Tom Ferris, sending Mozilla staff into damage-control mode.

"This is a temporary work-around just to deal with the immediate issue," Schroepfer said. "We're working on a future release in which we will actually fix the problem and re-enable the IDN feature." Switching off IDN support impacts a subset of Firefox and Mozilla users who actually use such special domain names, he said.
Though there is no known attack that takes advantage of the flaw, Mozilla advises Firefox and Mozilla users to disable IDN. "Luckily we do not have any known use of this exploit, but it is fairly critical if there were to be (an attack), so this is a recommended download," Schroepfer said.

In addition to the downloadable fix, Mozilla on its Web site also offers instructions to manually disable IDN: Type "about:config" in the address bar, hit Enter; type "network.enableIDN" in the filter toolbar, hit Enter; right-click the "network.enableIDN" item and select Toggle to change value to false.

Full Story.

More in Tux Machines

The Companies That Support Linux: MariaDB

MariaDB Corporation is a provider of open source database solutions for SaaS, cloud and on-premise applications that require high availability, scalability, and performance. Built by the founder and core engineering team behind MySQL, MariaDB has more than 2 million users globally and over 500 customers in more than 45 countries -- most of whom are running Linux. Read more

UK health service nurtures open source communities

The UK’s National Health Service (NHS) is nurturing a growing number of communities of software developers working on open source solutions. NHS’ Code4Health team is now supporting 17 communities that bring together health care providers, developers and supporters. Read more

LG's got a flip phone that runs Android Lollipop

Flip phones aren't just for retro hipsters and the elderly anymore... well, actually they kind of are. But they're super popular in Asia, and now you can get one that'll run the latest apps: LG's Gentle flip phone. The faux-leather adorned device is running a bleeding edge version of Android 5.1 Lollipop and packing 4G LTE. Otherwise, it's not exactly a power-user's dream with a 3.2-inch 480 x 320 screen, 3-megapixel rear camera, 4GB of (expandable) storage and 1GB of RAM. But for just 20 million won ($175) it would make a fine second phone, provided you live in Korea -- it's unlikely to come here, and similar flip phones can be pricey to import. Read more

Next-gen Android One phone launches in India for $176

The Lava Pixel V1 offers a solid value for the price, combining mid-range hardware with the latest Android software updates from Google. Read more