Serious vulnerability discovered in Mozilla and Firefox Browsers

13 September 2005

While Microsoft cancelled its scheduled release of monthly security updates on 13 September 2005, a serious buffer overflow vulnerability has been discovered in the Mozilla and Firefox browsers. This vulnerability involves the browser's handling of Internationalized Domain Names (IDNs) and could potentially allow an attacker to run malicious code on an affected computer by planting such code on a website.

Mozilla has released a patch that mitigates this vulnerability by disabling the browser's IDN support, along with instructions for disabling IDN support manually. Mozilla and Firefox users are advised to download and apply the patch as soon as possible or follow the instructions on Mozilla's website. Mozilla is reportedly working on a more permanent solution to be included in future versions.

Firefox has been growing fast in popularity since its official release in November 2004 and now makes up around 19% of all visits to www.f-prot.com.

