Firefox/Mozilla exploit semi-permanenet fix
Tim Wunder
tim
Thu Feb 10 09:14:32 PST 2005
On 2/9/2005 3:59 PM, I believe that Bill Campbell wrote:
> On Wed, Feb 09, 2005, Tim Wunder wrote:
>
>>There's an exploit to current versions of Firefox/Mozilla (and
>>Safari/Konqueror) pertaining to the International Domain Name specification
>>that affects all non-ie browsers (ie doesn't support IDN).
>>
>>A demo of the exploit and a semi-permanent fix can be found here:
>>http://users.tns.net/~skingery/weblog/2005/02/permanent-fix-for-shmoo-group-exploit.html
>>
>>You need to edit the compreg.dat in the user's profile directory.
>>Change
>>@mozilla.org/network/idn-service;1,{62b778a6-bce3-456b-8c31-2865fbb68c91}
>>to
>>@mozilla.org/network/idn-service;0,{62b778a6-bce3-456b-8c31-2865fbb68c91}
>>
>
>
> This may or may not work as the fix appears to be temporary (e.g. it
> doesn't work after FireFox is restarted).
>
Editing compreg.dat is permanent between restarts, as long as you don't
install additional extensions. I just tested this with Firefox 1.0 and
Mozilla 1.7.5 on WinXP.
> I came across a very nice solution to this problem on another mailing list.
> Install the ``Adblock'' extension (Tools->Extensions). Restart FireFox,
> then go to Tools->Adblock and add the filter pattern: /[^\x20-\xFF]/.
> This will block andy URL that uses characters outside the normal ASCII range.
>
Very interesting. I see that's been added to the link I sent as well. Nice.
Regards,
Tim
More information about the Linux-users
mailing list