Mozilla Vulnerabilities
From US-CERT
A vulnerability in the way Mozilla products and derivative programs handle certain malformed URIs could allow a remote attacker to execute arbitrary code on a vulnerable system.
Mozilla and Firefox users are encouraged to consider disabling IDN. While implementing this workaround does not correct the buffer overflow error, it prevents the vulnerable portion of code from being exploited. This can be accomplished by adding the following line to the prefs.js file:
user_pref("network.enableIDN", false);
or by following these steps:
1. Open the browser, type about:config into the location bar, and hit enter.
2. In the "Filter" dialog box, enter "network.enableIDN" (without the quotation marks) and hit enter.
3. A single Preference Name should appear in the results.
4. Double-click on the result. In Firefox, this will toggle the value from true to false. In Mozilla, this will open a dialog box titled "Enter boolean value." Enter "false" into this box and hit enter.
This vulnerability was reported by Tom Ferris.
This document was written by Chad Dougherty and Will Dormann.
<< Home