1. Not finding help here? Sign up for a free 30min tutor trial with Chegg Tutors
    Dismiss Notice
Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

Firefox Remote Exploit

  1. Sep 9, 2005 #1

    dduardo

    User Avatar
    Staff Emeritus

    Firefox URL Domain Name Buffer Overflow

    Rating: Highly Critical

    http://secunia.com/advisories/16764/

    See if your vulnerable by clicking the the following link (Note: Firefox might crash) :

    http://www.security-protocols.com/firefox-death.html

    Depending on your Firefox setup this may or may not effect you. This did not affect me (Gentoo Linux, FF 1.06 compiled with fstack-protector-all).

    Solution:

    1) In the url bar go to about:config
    2) Click on network.enableIDN to set to false

    [edit] Mozilla has been planning to disable IDN for some time now since it is a broken standard. The patch Mozilla will be releasing shortly will disable IDN for good. You can actually go to Mozilla's Bugzilla and download the xpi patch.

    https://bugzilla.mozilla.org/attachment.cgi?id=195467
     
    Last edited: Sep 9, 2005
  2. jcsd
  3. Sep 9, 2005 #2

    cronxeh

    User Avatar
    Gold Member

    Its kinda weird it tries to download a file from NOAA's website

    and the line in that file says

    Matt Foster - SHV 1.2e
     
  4. Sep 9, 2005 #3

    dduardo

    User Avatar
    Staff Emeritus

    What are you talking about? The patch? The patch comes straight from bugzilla.mozilla.org.
     
  5. Sep 9, 2005 #4

    Monique

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    And how do I set it to false?
     
  6. Sep 9, 2005 #5

    hypnagogue

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    Does that mean you're using Firefox now? :surprised

    Just double click it and it should be set to false.
     
  7. Sep 9, 2005 #6

    FredGarvin

    User Avatar
    Science Advisor

    Thanks for the heads up Dduardo. I had to change it.
     
  8. Sep 10, 2005 #7

    Monique

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    *Shhhhhhhht!*


    Actually, I found a skin that solved some critical problems I had.

    Right, next time I should just go to sleep at 3 am.
     
  9. Sep 10, 2005 #8
    I use Firefox 1.0.6 on winXPsp2 and network.enableIDN to set to true, but the link does not crash Firefox it just gives me an empty page.
     
  10. Sep 10, 2005 #9

    dduardo

    User Avatar
    Staff Emeritus

Know someone interested in this topic? Share this thread via Reddit, Google+, Twitter, or Facebook

Have something to add?



Similar Discussions: Firefox Remote Exploit
  1. Firefox browser? (Replies: 21)

  2. Firefox and PF (Replies: 12)

  3. Firefox Addons (Replies: 4)

  4. Paypal Exploitation? (Replies: 15)

Loading...