Skip to main content

What Firefox and Mozilla users should know about the IDN buffer overflow security issue

No replies
kohsuke
Offline
Joined: 2003-06-09
Points: 0

from https://addons.mozilla.org/messages/307259.html
On September 6 a security vulnerability affecting all versions of Mozilla Firefox and the Mozilla Suite was reported to Mozilla by Tom Ferris and on September 8th was publicly disclosed.

On September 9, the Mozilla team released a configuration change which, as a temporary measure to work around this problem, disables IDN in the browser. IDN functionality will be restored in a future product update. The fix is either a manual configuration change or a small download which will make this configuration change for the user. Instructions on administering these changes can be found below.