Warning! Security vulnerability found in browsers!

  dagwoood 01:48 08 Feb 05
Locked

A new vulnerability has been found that affects Firefox, Opera and Konqueror.

click here

Suggest you try this test click here and follow any advice.

dagwoood.

  pc moron 01:53 08 Feb 05

Here's me thinking it would be IE again!

  dagwoood 01:57 08 Feb 05

I couldn't add "I.E.not affected", I used up all the characters available with the description I used.

It does make a change for I.E.not to be vulnerable though.

dagwoood.

  pc moron 02:14 08 Feb 05

I've followed the links and done the test and I get "click here" in the address bar and "The page cannot be displayed" in IE6.

IE6 is not displaying a Secunia page- so I assume it's okay.

  pc moron 02:16 08 Feb 05

I've followed the links and done the test and I get "www. paypal.com" in the address bar and "The page cannot be displayed" in IE6.

IE6 is not displaying a Secunia page- so I assume it's okay.

  pc moron 02:20 08 Feb 05

Come to think of it, this expliot was fixed in IE sometime ago.

  bertiecharlie 09:29 08 Feb 05

In Firefox there is a short term workaround. Type about:config in your address bar and double click network.enableIDN to change it from true to false.

I just tried the test again and the paypal page could not be found.

Whilst writing this I've been using another tab and Firefox appears to work normally with the above set to false.

When you close and restart Firefox, network.enableIDN will revert back to true so you would have to make this change everytime you opened Firefox until they issue a patch.

This is no good for me as I'll probably forget lol.

(There is a more permanent solution by messing about with your compreg.dat file but I'm getting into unknown territory there.)

  dagwoood 10:30 08 Feb 05

Thanks for the workaround :).

If you want to edit the compreg.dat file that bertiecharlie mentioned, here's a link explaining how to do it click here

Please note, if you do edit the dat file, if you install any extensions/themes, you will need to edit the dat file again.

dagwoood.

  bertiecharlie 12:15 08 Feb 05

I need to clarify what I've written above. After setting network.enableIDN to false, when you close and then reopen Firefox its still set at false but it doesn't prevent the exploit.

When restarting Firefox, in about:config you need to double click network.enableIDN to set it to true and then double click it again to set to false. Now you are protected until you close down Firefox and restart at which time you have to do it all again.

Might be an idea just to wait until they patch it!

  Mikè 14:27 08 Feb 05

"A new vulnerability has been found that affects Firefox, Opera and Konqueror"

This issue has not been fixed in Opera 8 beta either.

  bertiecharlie 23:22 09 Feb 05

For anyone concerned about this, here is perhaps a better solution.

Install the Adblock Firefox extension for Firefox from click here

Install an Adblock Filter. I use RejZor’s from click here (Be patient as sometimes this web page takes a while to open).

In Firefox, go to Tools\Adblock\Preferences\Adblock Options.Tick Site Blocking.

Add the following filter /[^\x20-\xFF]/

This will block any URL that uses characters outside the normal ASCII range, (don’t ask me what this means). The above also works with Mozilla.

When you click on the security test in dagwoood’s first post, the page will be blocked. I’ve had Firefox and Mozilla set up like this most of the day and have been able to access websites normally. You can easily undo any of the above changes, however.

Original information from click here

The Spoofstick extension will now also block it, but its quite a big toolbar I think so would reduce your viewing space.

This thread is now locked and can not be replied to.

How to get Windows 10 for free | How to install Windows 10: There is still a way to avoid paying…

1995-2015: How technology has changed the world in 20 years

Alex Chinneck’s giant ice cube Christmas tree at Kings Cross

Apple rumours & predictions 2017: The iPhone 8, new iPads, and everything else you should expect fr7…