CPNI - Centre for the Protection of National Infrastructure

September 2005

Mozilla - What Firefox and Mozilla users should know about the IDN buffer overflow security issue

ID: 00792
Ref: 738/05
Date: 13 September 2005:15:55:35
Version: 1

Title: Mozilla - What Firefox and Mozilla users should know about the IDN buffer overflow security issue
Abstract: Mozilla have released instructions that describe a workaround for a vulnerability relating to the handling of Internationalised Domain Names (IDN).
Vendors affected: Mozilla
Operating systems affected: Mozilla
Applications affected: Mozilla


Detail
======

Mozilla have released instructions that describe a workaround for a vulnerability relating
to the handling of Internationalised Domain Names (IDN). The following is an extract from
the instructions:

"On September 6 a security vulnerability affecting all versions of Mozilla Firefox and the
Mozilla Suite was reported to Mozilla by Tom Ferris and on September 8th was publicly
disclosed.

On September 9, the Mozilla team released a configuration change which, as a temporary
measure to work around this problem, disables IDN in the browser. IDN functionality will
be restored in a future product update. The fix is either a manual configuration change
or a small download which will make this configuration change for the user. Instructions
on administering these changes can be found below.

How to update
There are two methods for resolving this problem. The first method is to install a small
download and the second method is to manually change the browser configuration. You only
need to do one of the two."


The instructions can be viewed at the following URL:
https://addons.mozilla.org/messages/307259.html
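
The following is an added example, not part of this advisory or of Mozilla's instructions: a check that reports, for each browser profile directory, whether the IDN workaround is in effect. It assumes the preference is named network.enableIDN (the advisory does not name it), that profiles keep their settings in prefs.js with user.js taking precedence, and that an absent preference leaves IDN on; the profile names and file contents are constructed samples.

```python
import re
import tempfile
from pathlib import Path

PREF = "network.enableIDN"  # assumption: the advisory does not name the pref
LINE_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def read_pref(path, name=PREF):
    """Return the last value assigned to `name` in a prefs file, else None."""
    if not path.is_file():
        return None
    value = None
    for line in path.read_text(errors="replace").splitlines():
        m = LINE_RE.match(line)  # comment lines never match the pattern
        if m and m.group(1) == name:
            value = m.group(2)
    return value

def idn_status(profile_dir):
    """'disabled' when the workaround is in effect for this profile."""
    profile = Path(profile_dir)
    for fname in ("user.js", "prefs.js"):  # assumption: user.js overrides prefs.js
        value = read_pref(profile / fname)
        if value is not None:
            return "disabled" if value == "false" else "enabled"
    return "enabled"  # pref absent: assumed default leaves IDN on

def audit(profiles_root):
    """Map each profile directory name under the root to its IDN status."""
    dirs = sorted(p for p in Path(profiles_root).iterdir() if p.is_dir())
    return {p.name: idn_status(p) for p in dirs}

def demo():
    """Audit three constructed profiles written to a temporary directory."""
    samples = {  # constructed sample data, not real profiles
        "patched.default": {"prefs.js": 'user_pref("network.enableIDN", false);\n'},
        "unpatched.default": {"prefs.js": '# Mozilla User Preferences\n'
                                          'user_pref("browser.startup.page", 1);\n'},
        "override.default": {"prefs.js": 'user_pref("network.enableIDN", true);\n',
                             "user.js": '// admin lock\nuser_pref("network.enableIDN", false);\n'},
    }
    with tempfile.TemporaryDirectory() as root:
        for name, files in samples.items():
            (Path(root) / name).mkdir()
            for fname, text in files.items():
                (Path(root) / name / fname).write_text(text)
        return audit(root)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: IDN {status}")
```

Pointing audit() at a real profiles directory lists the profiles that still need one of the two update methods applied.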

