FireFox Exploit (And others, but not IE this time) - GoFuckYourself.com

goBigtime · 02-09-2005, 06:47 PM

Test it here...

http://www.shmoo.com/idn/

There is a link to the advisory there too.

In firefox you can fix it yourself until they issue a new version:

Type about:config in your address bar.

Scroll down to network.enableIDN and double-click it to set it to false

IDN = International Domain Name

goBigtime · 02-09-2005, 06:56 PM

Vulnerable browsers include (but are not limited to):

Most mozilla-based browsers (Firefox 1.0, Camino .8.5, Mozilla 1.6, etc)
Safari 1.2.5
Opera 7.54
Omniweb 5

Vendor Responses:

Verisign: No response yet.
Apple: No response yet.
Opera: They believe they have correctly implemented IDN, and will not be
making any changes.
Mozilla: Working on finding a good long-term solution; provided clear
workaround for disabling IDN.

Mozilla/Firefox first to offer a fix

Jace · 02-09-2005, 07:00 PM

rofl, i thought firefox was immune to this shit?

quantum-x · 02-09-2005, 07:02 PM

Slashdot cross poster eh?

It's not actually so much that IE isn't vulnerable, it just doesnt support the IDN standard. If you installed the plugin, it will be.

On the flip side, it's not so much FF that is vulnerable as the plugin

e-god · 02-09-2005, 07:08 PM

as firefox is getting more popular more exploits are being found, waiting till nerds will start to write malicious viruses and worms that will go thru firefox

goBigtime · 02-09-2005, 07:09 PM

Quote:

Originally Posted by quantum-x

Slashdot cross poster eh?

I don't read the forums much, usually just the headlines.

A friend IM'd me with the info a few mins before I started this thread.

goBigtime · 02-09-2005, 07:11 PM

Quote:

Originally Posted by e-god

as firefox is getting more popular more exploits are being found, waiting till nerds will start to write malicious viruses and worms that will go thru firefox

With firefox, If they don't write and exploit them within an hour of the exploit being released then they'll probably be too late :P

02-09-2005, 06:47 PM	#1
goBigtime Confirmed User Join Date: Nov 2002 Posts: 7,761	FireFox Exploit (And others, but not IE this time) Test it here... http://www.shmoo.com/idn/ There is a link to the advisory there too. In firefox you can fix it yourself until they issue a new version: Type about:config in your address bar. Scroll down to network.enableIDN and double-click it to set it to false IDN = International Domain Name

02-09-2005, 07:02 PM	#4
quantum-x Confirmed User Join Date: Feb 2002 Location: ICQ: 251425 Fr/Au/Ca Posts: 6,863	Slashdot cross poster eh? It's not actually so much that IE isn't vulnerable, it just doesnt support the IDN standard. If you installed the plugin, it will be. On the flip side, it's not so much FF that is vulnerable as the plugin __________________ PrettyInCash.com - BoozedGFs.com - TeenGFs.com - JizzGFs.com- MilfUploads.com -

02-09-2005, 07:08 PM	#5
e-god Confirmed User Join Date: Jan 2003 Location: BabeLand Posts: 1,736	as firefox is getting more popular more exploits are being found, waiting till nerds will start to write malicious viruses and worms that will go thru firefox __________________

02-09-2005, 06:56 PM	#2
goBigtime Confirmed User Join Date: Nov 2002 Posts: 7,761	Vulnerable browsers include (but are not limited to): Most mozilla-based browsers (Firefox 1.0, Camino .8.5, Mozilla 1.6, etc) Safari 1.2.5 Opera 7.54 Omniweb 5 Vendor Responses: Verisign: No response yet. Apple: No response yet. Opera: They believe they have correctly implemented IDN, and will not be making any changes. Mozilla: Working on finding a good long-term solution; provided clear workaround for disabling IDN. Mozilla/Firefox first to offer a fix

02-09-2005, 07:00 PM	#3
Jace FBOP Class Of 2013 Industry Role: Join Date: Jan 2004 Location: bumfuck, ky Posts: 35,562	rofl, i thought firefox was immune to this shit?