important! for all who use firefox

[zaitsev]

Quote:

A newly uncovered vulnerability in most browsers can allow hackers to spoof the URL displayed in the address bar and the SSL certificate, a security firm warned Monday. The one exception? Microsoft's Internet Explorer. Danish security company Secunia posted an alert describing the vulnerability -- which affects Mozilla, Firefox, Safari, Opera, and Konqueror -- as a moderately critical problem. The vulnerability impacts every browser built atop the open-source Geko browser kernel -- nearly all except IE -- because of a flaw in handling International Domain Names (IDN).

The vulnerability has been confirmed in the latest version of Firefox, v. 1.0, as well as in Mozilla 1.7.5, Opera 7.54u1, Opera 7.54u2, Safari 1.2.4, Konqueror 3.2.2, and Netscape 7.2. Other editions of these browsers, however, may also be at risk, said Secunia, which posted an online test on its Web site: http://secunia.com/multiple_browsers_idn_spoofing_test/

a quick fix for it for firefox is to diasble network.enableIDN in about :config

[BOne]

thankx for the info man always good to have a forum post usefull knowledge

[zaitsev]

i been told that the fix i stated 1st doesnt work, so to get it fixed right follow the instructions at:

http://forums.mozillazine.org/viewtopic.php?t=215221

[Hellfighter]

it no biggie if you using IE 5 or higher.

SYMPTOMS
When you try to visit a Web site that uses an internationalized domain name (IDN), you may receive an error message that is similar to the following error message:

reason:
CAUSE
This issue occurs because Microsoft Internet Explorer does not support IDNs. IDNs use non-ASCII characters, and Internet Explorer cannot resolve a URL whose domain name contains non-ASCII characters.

it don't support IDNs at all.

source:
http://support.microsoft.com/default...b;en-us;842848

so i am happy what i don't have they can't hack

[zaitsev]

yep, it only affects Mozilla, Firefox, Safari, Opera, and Konqueror