Tuesday, February 08, 2005

Firefox security alert and fix

I'm a big Firefox user and I know a lot of you are too, so I wanted to share this post on O'DonnellWeb that details a Firefox security vulnerability and how to fix it.  Note that this fix is very easy, but you are screwing around with configuration settings of the browser, so be careful.  From the post:

This is scary, Firefox is vulnerable to a specific type of phishing attack. See demo at http://www.shmoo.com/idn/

Here is the fix.

1) Goto your Firefox address bar. Enter about:config and press enter. Firefox will load the (large!) config page.

2) Scroll down to the line beginning network.enableIDN -- this is International Domain Name support, and it is causing the problem here. We want to turn this off -- for now. Ideally we want to support international domain names, but not with this problem.

3) Double-click the network.enableIDN label, and Firefox will show a dialog set to 'true'. Change it to 'false' (no quotes!), click Ok. You are done.

4) Go check out the shmoo demo again and notice it no longer works

2 comments:

Stephen Pierzchala said...

Or:

Open a new tab

Type about:config in the address bar

Double-click on network.IDN -> This will change the TRUE to FALSE

Close tab

Jeff james said...

Hello, nice stuff on your site. I need to spend more time on my site about VOIP and other voip business opportunity stuff. Thanks for some ideas.