Firefox/Mozilla exploit semi-permanenet fix
Roger Oberholtzer
roger
Thu Feb 10 02:12:13 PST 2005
On Wed, 2005-02-09 at 12:59 -0800, Bill Campbell wrote:
> On Wed, Feb 09, 2005, Tim Wunder wrote:
> >There's an exploit to current versions of Firefox/Mozilla (and
> >Safari/Konqueror) pertaining to the International Domain Name specification
> >that affects all non-ie browsers (ie doesn't support IDN).
> >
> >A demo of the exploit and a semi-permanent fix can be found here:
> >http://users.tns.net/~skingery/weblog/2005/02/permanent-fix-for-shmoo-group-exploit.html
> >
> >You need to edit the compreg.dat in the user's profile directory.
> >Change
> >@mozilla.org/network/idn-service;1,{62b778a6-bce3-456b-8c31-2865fbb68c91}
> >to
> >@mozilla.org/network/idn-service;0,{62b778a6-bce3-456b-8c31-2865fbb68c91}
> >
>
> This may or may not work as the fix appears to be temporary (e.g. it
> doesn't work after FireFox is restarted).
>
> I came across a very nice solution to this problem on another mailing list.
> Install the ``Adblock'' extension (Tools->Extensions). Restart FireFox,
> then go to Tools->Adblock and add the filter pattern: /[^\x20-\xFF]/.
> This will block andy URL that uses characters outside the normal ASCII range.
Not always a solution...
More information about the Linux-users
mailing list