Firefox/Mozilla exploit semi-permanenet fix
Bill Campbell
linux-sxs
Wed Feb 9 15:59:18 PST 2005
On Wed, Feb 09, 2005, Tim Wunder wrote:
>There's an exploit to current versions of Firefox/Mozilla (and
>Safari/Konqueror) pertaining to the International Domain Name specification
>that affects all non-ie browsers (ie doesn't support IDN).
>
>A demo of the exploit and a semi-permanent fix can be found here:
>http://users.tns.net/~skingery/weblog/2005/02/permanent-fix-for-shmoo-group-exploit.html
>
>You need to edit the compreg.dat in the user's profile directory.
>Change
>@mozilla.org/network/idn-service;1,{62b778a6-bce3-456b-8c31-2865fbb68c91}
>to
>@mozilla.org/network/idn-service;0,{62b778a6-bce3-456b-8c31-2865fbb68c91}
>
This may or may not work as the fix appears to be temporary (e.g. it
doesn't work after FireFox is restarted).
I came across a very nice solution to this problem on another mailing list.
Install the ``Adblock'' extension (Tools->Extensions). Restart FireFox,
then go to Tools->Adblock and add the filter pattern: /[^\x20-\xFF]/.
This will block andy URL that uses characters outside the normal ASCII range.
Bill
--
INTERNET: bill at Celestial.COM Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/
``Democracy Is Mob Rule with Income Taxes''
More information about the Linux-users
mailing list