Warning! Security vulnerability found in browsers!

  dagwoood 01:48 08 Feb 2005
Locked

A new vulnerability has been found that affects Firefox, Opera and Konqueror.

click here

Suggest you try this test click here and follow any advice.

dagwoood.

  pc moron 01:53 08 Feb 2005

Here's me thinking it would be IE again!

  dagwoood 01:57 08 Feb 2005

I couldn't add "I.E.not affected", I used up all the characters available with the description I used.

It does make a change for I.E.not to be vulnerable though.

dagwoood.

  pc moron 02:14 08 Feb 2005

I've followed the links and done the test and I get "click here" in the address bar and "The page cannot be displayed" in IE6.

IE6 is not displaying a Secunia page- so I assume it's okay.

  pc moron 02:16 08 Feb 2005

I've followed the links and done the test and I get "www. paypal.com" in the address bar and "The page cannot be displayed" in IE6.

IE6 is not displaying a Secunia page- so I assume it's okay.

  pc moron 02:20 08 Feb 2005

Come to think of it, this expliot was fixed in IE sometime ago.

  bertiecharlie 09:29 08 Feb 2005

In Firefox there is a short term workaround. Type about:config in your address bar and double click network.enableIDN to change it from true to false.

I just tried the test again and the paypal page could not be found.

Whilst writing this I've been using another tab and Firefox appears to work normally with the above set to false.

When you close and restart Firefox, network.enableIDN will revert back to true so you would have to make this change everytime you opened Firefox until they issue a patch.

This is no good for me as I'll probably forget lol.

(There is a more permanent solution by messing about with your compreg.dat file but I'm getting into unknown territory there.)

  dagwoood 10:30 08 Feb 2005

Thanks for the workaround :).

If you want to edit the compreg.dat file that bertiecharlie mentioned, here's a link explaining how to do it click here

Please note, if you do edit the dat file, if you install any extensions/themes, you will need to edit the dat file again.

dagwoood.

  bertiecharlie 12:15 08 Feb 2005

I need to clarify what I've written above. After setting network.enableIDN to false, when you close and then reopen Firefox its still set at false but it doesn't prevent the exploit.

When restarting Firefox, in about:config you need to double click network.enableIDN to set it to true and then double click it again to set to false. Now you are protected until you close down Firefox and restart at which time you have to do it all again.

Might be an idea just to wait until they patch it!

  Mikè 14:27 08 Feb 2005

"A new vulnerability has been found that affects Firefox, Opera and Konqueror"

This issue has not been fixed in Opera 8 beta either.

  bertiecharlie 23:22 09 Feb 2005

For anyone concerned about this, here is perhaps a better solution.

Install the Adblock Firefox extension for Firefox from click here

Install an Adblock Filter. I use RejZor’s from click here (Be patient as sometimes this web page takes a while to open).

In Firefox, go to Tools\Adblock\Preferences\Adblock Options.Tick Site Blocking.

Add the following filter /[^\x20-\xFF]/

This will block any URL that uses characters outside the normal ASCII range, (don’t ask me what this means). The above also works with Mozilla.

When you click on the security test in dagwoood’s first post, the page will be blocked. I’ve had Firefox and Mozilla set up like this most of the day and have been able to access websites normally. You can easily undo any of the above changes, however.

Original information from click here

The Spoofstick extension will now also block it, but its quite a big toolbar I think so would reduce your viewing space.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Fujitsu Lifebook P727 laptop review

Best of the Grad Shows 2017: University of the West of England (UWE)

Best value Mac: Which is the best £1249 Mac to buy

Les meilleures GoPro 2017