Serious vulnerability discovered in Mozilla and Firefox Browsers
While Microsoft cancelled its scheduled release of monthly security updates on 13 September 2005, a serious buffer overflow vulnerability has been discovered in the Mozilla and Firefox browsers. The vulnerability lies in the browser's handling of International Domain Names (IDNs) and could potentially allow an attacker who plants malicious code on a website to run that code on an affected computer.
Mozilla has released a patch for this vulnerability that disables the browser's IDN support, along with instructions for disabling IDN support manually. Mozilla and Firefox users are advised to download and apply the patch as soon as possible or to follow the instructions on Mozilla's website. Mozilla is reportedly working on a more permanent solution to be included in future versions.
Firefox has been growing fast in popularity since its official release in November 2004 and now makes up around 19% of all visits to www.f-prot.com.
- "What Firefox and Mozilla users should know about the IDN buffer overflow security issue"
- Firefox and Mozilla security patch