# Firefox : IDN buffer overflow security issue



## mimo2005 (Oct 2, 2004)

On September 6 a security vulnerability affecting all versions of Mozilla Firefox and the Mozilla Suite was reported to Mozilla by Tom Ferris and on September 8th was publicly disclosed.

On September 9, the Mozilla team released a configuration change which, as *a temporary measure * to work around this problem, disables IDN in the browser. IDN functionality will be restored in a future product update. The fix is either a manual configuration change or a small download which will make this configuration change for the user.


https://addons.mozilla.org/messages/307259.html


----------



## norin (Dec 28, 2004)

thanks for posting this mimo, i had no idea, and i think many of us here use Firefox, so this is well appreciated

also does this affect Linux boxes as well?


----------



## mimo2005 (Oct 2, 2004)

norin said:


> thanks for posting this mimo, i had no idea, and i think many of us here use Firefox, so this is well appreciated
> 
> also does this affect Linux boxes as well?


*Versions Affected:*
Firefox Win32 1.0.6 and prior
Firefox Linux 1.0.6 and prior
Firefox 1.5 Beta 1 (Deer Park Alpha 2)



http://www.security-protocols.com/advisory/sp-x17-advisory.txt


----------



## norin (Dec 28, 2004)

ahhh thanks for that one.


----------



## koala (Mar 27, 2005)

Firefox 1.0.7 fixes this. Released today http://www.mozilla.org/products/firefox/releases/1.0.7.html


----------



## Spatcher (Apr 28, 2005)

Ah well, I've gone to the dark side, Opera version 8.5


----------

