Users login

Create an account »


Users login

Home » Hacking News » Critical Firefox patch

Critical Firefox patch

by Nikola Strahija on September 12th, 2005 Mozilla has published a software patch and instructions for a workaround, both of which disable a Firefox vulnerability and prevent a buffer overflow.

The bug concerns the International Domain Name (IDN) feature that Mozilla products use to process Web pages that do not use Latin Alphabet characters in their names.

Links pointing to a host with a long name composed entirely of dashes can be fabricated in a manner to make Firefox execute any arbitrary code. An attacker could theoretically use the flaw to take control of a user's machine.

No code that actually exploits this vulnerability has yet been seen, but all versions of Mozilla Firefox and the Mozilla Suite are affected, according to the Mozilla team. -It's something we take seriously because it could be used for bad things, said Mike Schroepfer, director of engineering.

Because both the patch and the workaround simply disable IDN, users who require the feature to visit international websites should stick to visiting sites they know and trust until the problem is actually repaired, Schroepfer said. As to when that will happen, ‘we're determining that now’, he said.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »