Language Selection

English French German Italian Portuguese Spanish

Mozilla offers temporary fix for Firefox flaw

Filed under
Moz/FF

Responding to the disclosure of a serious Web browser flaw, the Mozilla Foundation offered on Friday a temporary fix to protect Firefox and Mozilla users.

The downloadable fix protects against attacks that take advantage of a new, unpatched flaw that could let attackers secretly run malicious software on users' PCs. The flaw was disclosed late Thursday by security researcher Tom Ferris, sending Mozilla staff into damage-control mode.

"This is a temporary work-around just to deal with the immediate issue," Schroepfer said. "We're working on a future release in which we will actually fix the problem and re-enable the IDN feature." Switching off IDN support impacts a subset of Firefox and Mozilla users who actually use such special domain names, he said.
Though there is no known attack that takes advantage of the flaw, Mozilla advises Firefox and Mozilla users to disable IDN. "Luckily we do not have any known use of this exploit, but it is fairly critical if there were to be (an attack), so this is a recommended download," Schroepfer said.

In addition to the downloadable fix, Mozilla on its Web site also offers instructions to manually disable IDN: Type "about:config" in the address bar, hit Enter; type "network.enableIDN" in the filter toolbar, hit Enter; right-click the "network.enableIDN" item and select Toggle to change value to false.

Full Story.

More in Tux Machines

Android Leftovers

Availability of Qt Free Edition

In my last blog posts, I explained the KDE Free Qt Foundation, which guarantees the free availability of the Qt Toolkit. Today, The Qt Company introduced a new Qt online installer that requires users to accept additional license terms. Many people have contacted me with concerns about this change. I share this concern. Even before this, I have already been concerned about the structure of the qt.io download page, since it blurs the lines between the Qt Toolkit itself and additional, proprietary products. Read more

Valve's Mods Blunder Prompts Reddit Community to Create Open Source Steam Replacement

Valve has recently gone through a major PR debacle after the company announced that it's implementing paid mods for games and Skyrim in particular. Their decision was short-lived, and it was retracted, but they have managed to incur the rage of the community. Independent developers are now working on a new game launcher that will make Steam obsolete. Read more

Biicode goes open source early after outpouring of community support

After the announcement, our community growth skyrocketed. Our investors were so impressed by the welcoming of our open source announcement that they let us go ahead with open sourcing biicode early. We worked hard to release most of it in biicode 3.0. Read more