Firefox/Mozilla exploit semi-permanenet fix
Brad De Vries
devriesbj
Wed Feb 9 17:40:10 PST 2005
On Wed, 9 Feb 2005 12:59:04 -0800, Bill Campbell
<linux-sxs at celestial.com> wrote:
> On Wed, Feb 09, 2005, Tim Wunder wrote:
> >There's an exploit to current versions of Firefox/Mozilla (and
> >Safari/Konqueror) pertaining to the International Domain Name specification
> >that affects all non-ie browsers (ie doesn't support IDN).
> >
> >A demo of the exploit and a semi-permanent fix can be found here:
> >http://users.tns.net/~skingery/weblog/2005/02/permanent-fix-for-shmoo-group-exploit.html
> >
> >You need to edit the compreg.dat in the user's profile directory.
> >Change
> >@mozilla.org/network/idn-service;1,{62b778a6-bce3-456b-8c31-2865fbb68c91}
> >to
> >@mozilla.org/network/idn-service;0,{62b778a6-bce3-456b-8c31-2865fbb68c91}
> >
>
> This may or may not work as the fix appears to be temporary (e.g. it
> doesn't work after FireFox is restarted).
>
> I came across a very nice solution to this problem on another mailing list.
> Install the ``Adblock'' extension (Tools->Extensions). Restart FireFox,
> then go to Tools->Adblock and add the filter pattern: /[^\x20-\xFF]/.
> This will block andy URL that uses characters outside the normal ASCII range.
>
> Bill
> --
> INTERNET: bill at Celestial.COM Bill Campbell; Celestial Software LLC
> UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
> FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
> URL: http://www.celestial.com/
>
> ``Democracy Is Mob Rule with Income Taxes''
Don't forget to turn on the 'Site Blocking' feature within Adblock Preferences:
1) Tools | Adblock | Preferences...
2) Click on 'Adblock Options' and check the 'Site Blocking' feature.
3) Enter the filter Bill listed above.
4) Accept the warning about the regular expression entry.
Brad.
More information about the Linux-users
mailing list