News
News
9/12/2005
01:33 PM
Connect Directly
RSS
E-Mail
50%
50%

Mozilla Fixes Firefox Flaw

Temporary workarounds for the most recent bug in Firefox and Mozilla browsers include both manual and automated fixes.

Mozilla Corp. has posted temporary workarounds for the most recent bug in its Firefox and Mozilla browsers that include both manual and automated fixes.

On Friday, just hours after Mozilla released the long-awaited Beta 1 of Firefox 1.5, a researcher posted information and proof-of-concept code for a vulnerability that could let attackers gain complete control of a PC simply by enticing users to a malicious Web site.

"We’re looking into the problem," said Mike Schroepfer, Mozilla's director of engineering, on Friday in an interview, "and we'll respond with a patch as quickly as possible."

Although the fix Mozilla posted wasn't a patch per se, it does eliminate the vulnerability in the browser's support for international domain names, (IDN). Users can either follow the directions for manually disabling IDN posted on the Mozilla site, or download and install a small patch which makes the changes.

"IDN functionality will be restored in a future product update," promised Mozilla in the patch alert.

This isn't the first time that problems with IDN has plagued Mozilla's browsers. Earlier this year, IDN support within Firefox was disabled in response to a spoofing vulnerability. IDN support was later turned back on in a follow-up version, however.

"This is obviously an unsatisfactory solution in the long term and it is hoped that a better fix can be developed in time for Firefox 1.1," said Mozilla in a statement back in February. (The "Firefox 1.1" tag was later dropped in favor of version 1.5, which released in beta form on Friday.)

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A UBM Tech Radio episode on the changing economics of Flash storage used in data tiering -- sponsored by Dell.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.