Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

Firefox Remote Exploit

  1. Sep 9, 2005 #1

    dduardo

    User Avatar
    Staff Emeritus

    Firefox URL Domain Name Buffer Overflow

    Rating: Highly Critical

    http://secunia.com/advisories/16764/

    See if your vulnerable by clicking the the following link (Note: Firefox might crash) :

    http://www.security-protocols.com/firefox-death.html

    Depending on your Firefox setup this may or may not effect you. This did not affect me (Gentoo Linux, FF 1.06 compiled with fstack-protector-all).

    Solution:

    1) In the url bar go to about:config
    2) Click on network.enableIDN to set to false

    [edit] Mozilla has been planning to disable IDN for some time now since it is a broken standard. The patch Mozilla will be releasing shortly will disable IDN for good. You can actually go to Mozilla's Bugzilla and download the xpi patch.

    https://bugzilla.mozilla.org/attachment.cgi?id=195467
     
    Last edited: Sep 9, 2005
  2. jcsd
  3. Sep 9, 2005 #2

    cronxeh

    User Avatar
    Gold Member

    Its kinda weird it tries to download a file from NOAA's website

    and the line in that file says

    Matt Foster - SHV 1.2e
     
  4. Sep 9, 2005 #3

    dduardo

    User Avatar
    Staff Emeritus

    What are you talking about? The patch? The patch comes straight from bugzilla.mozilla.org.
     
  5. Sep 9, 2005 #4

    Monique

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    And how do I set it to false?
     
  6. Sep 9, 2005 #5

    hypnagogue

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    Does that mean you're using Firefox now? :surprised

    Just double click it and it should be set to false.
     
  7. Sep 9, 2005 #6

    FredGarvin

    User Avatar
    Science Advisor

    Thanks for the heads up Dduardo. I had to change it.
     
  8. Sep 10, 2005 #7

    Monique

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    *Shhhhhhhht!*


    Actually, I found a skin that solved some critical problems I had.

    Right, next time I should just go to sleep at 3 am.
     
  9. Sep 10, 2005 #8
    I use Firefox 1.0.6 on winXPsp2 and network.enableIDN to set to true, but the link does not crash Firefox it just gives me an empty page.
     
  10. Sep 10, 2005 #9

    dduardo

    User Avatar
    Staff Emeritus

Know someone interested in this topic? Share this thread via Reddit, Google+, Twitter, or Facebook

Have something to add?



Similar Discussions: Firefox Remote Exploit
  1. Firefox browser? (Replies: 21)

  2. Firefox and PF (Replies: 12)

  3. Firefox Addons (Replies: 4)

  4. Paypal Exploitation? (Replies: 15)

Loading...