Language Selection

English French German Italian Portuguese Spanish

Mozilla offers temporary fix for Firefox flaw

Filed under
Moz/FF

Responding to the disclosure of a serious Web browser flaw, the Mozilla Foundation offered on Friday a temporary fix to protect Firefox and Mozilla users.

The downloadable fix protects against attacks that take advantage of a new, unpatched flaw that could let attackers secretly run malicious software on users' PCs. The flaw was disclosed late Thursday by security researcher Tom Ferris, sending Mozilla staff into damage-control mode.

"This is a temporary work-around just to deal with the immediate issue," Schroepfer said. "We're working on a future release in which we will actually fix the problem and re-enable the IDN feature." Switching off IDN support impacts a subset of Firefox and Mozilla users who actually use such special domain names, he said.
Though there is no known attack that takes advantage of the flaw, Mozilla advises Firefox and Mozilla users to disable IDN. "Luckily we do not have any known use of this exploit, but it is fairly critical if there were to be (an attack), so this is a recommended download," Schroepfer said.

In addition to the downloadable fix, Mozilla on its Web site also offers instructions to manually disable IDN: Type "about:config" in the address bar, hit Enter; type "network.enableIDN" in the filter toolbar, hit Enter; right-click the "network.enableIDN" item and select Toggle to change value to false.

Full Story.

More in Tux Machines

Chromixium Adds Polish to Chrome

Chromixium is a new Linux distro that goes one big step further than the few existing distros catering to the Chrome OS. It one-ups Google's semi-proprietary Chrome OS locked into the popular Chromebook hardware. Read more

Leftovers: KDE Software

  • Interview with David Revoy
    I bought a tablet to start to paint digitally during this period. I didn’t know many things about software, so my first years of digital painting were made with Photoshop Elements (bundled with the tablet). With digital painting, I could experiment with many themes I could never have sold on canvas. Then I met online publishers interested in my digital art and started to work more and more as a digital painter with an official Photoshop licence, Corel Painter, etcetera. In 2003 I ended my career as a traditional painter when a client decided to buy my whole stock of canvas.
  • There and back again, an algorithm tale
    Implementing Qt data models is anything but fun. For that reason, I don’t blame anyone for writing a beginResetModel / endResetModel combo any time a more complex change has happened.
  • Google Summer of Code 2015 – Week One : The Joy Of The First Paycheck!
    What I have done till now is collect constellation artwork used in Stellarium, and complied a list of 3 stars for each constellation which would be used to position the constellation image in the sky map. I started coding and have written the ConstellationArt class declaration. Earlier I had included a Q_PROPERTY to make constellations fade in and out, but I was told that this would be difficult to achieve since KStars doesn’t use OpenGL. In any case, I think getting the constellations to display correctly in the sky is more important than making them fade. That could always be done at a later point of time.
  • Suggesting new ways: Kamoso 3.0 Technology Preview
    The world changes, and with it, we change too. For this new version of Kamoso we wanted to iterate what we’re presenting.

Carl Sagan's solar-powered spacecraft is in trouble

  • Carl Sagan's solar-powered spacecraft is in trouble
  • Software Glitch Pauses LightSail Test Mission
    But inside the spacecraft's Linux-based flight software, a problem was brewing. Every 15 seconds, LightSail transmits a telemetry beacon packet. The software controlling the main system board writes corresponding information to a file called beacon.csv. If you’re not familiar with CSV files, you can think of them as simplified spreadsheets—in fact, most can be opened with Microsoft Excel.

Ubuntu Touch OTA-4 Update to Let Users Import SIM Contacts

A fresh OTA update is being prepared for Ubuntu Touch, and it should land soon. Developers have released some of the most important improvements that will be implemented in the upcoming release. Read more