Tuesday, February 08, 2005

Firefox security alert and fix

I'm a big Firefox user and I know a lot of you are too, so I wanted to share this post on O'DonnellWeb that details a Firefox security vulnerability and how to fix it.  Note that this fix is very easy, but you are screwing around with configuration settings of the browser, so be careful.  From the post:

This is scary, Firefox is vulnerable to a specific type of phishing attack. See demo at http://www.shmoo.com/idn/

Here is the fix.

1) Goto your Firefox address bar. Enter about:config and press enter. Firefox will load the (large!) config page.

2) Scroll down to the line beginning network.enableIDN -- this is International Domain Name support, and it is causing the problem here. We want to turn this off -- for now. Ideally we want to support international domain names, but not with this problem.

3) Double-click the network.enableIDN label, and Firefox will show a dialog set to 'true'. Change it to 'false' (no quotes!), click Ok. You are done.

4) Go check out the shmoo demo again and notice it no longer works


Stephen Pierzchala said...


Open a new tab

Type about:config in the address bar

Double-click on network.IDN -> This will change the TRUE to FALSE

Close tab

Johnny Canuck said...

I can relate to that post. Finding the right domain name these days is more challenging and definitely more critical to getting good search engine positioning.

I really enjoy your blog, keep us posted.

Mike said...

make money on the net
is easy. make money on the net

Jeff james said...

Hello, nice stuff on your site. I need to spend more time on my site about VOIP and other voip business opportunity stuff. Thanks for some ideas.

Admin said...

Great blog, keep up the good work. Glad to see sites like this.

Here is another good site I said I would pass along.
Domain Names