Firefox Gets Major Security Makeover

edited February 2005 in Science & Tech
The Mozilla Foundation last Thursday rolled out a major security update to fix several known cross-site scripting and domain-spoofing vulnerabilities in the upstart Firefox browser.
The nonprofit foundation said the new Firefox 1.0.1 was rushed out to provide a temporary fix for the IDN (International Domain Name) bug that was first flagged earlier this month.

The upgrade also includes patches for two serious flaws that could allow malicious attackers to spoof the source displayed in the "Download Dialog" box or to spoof the content of Web sites.

Chris Hoffman, director of engineering at the Mozilla Foundation, described the overall Firefox upgrade as "moderately critical" and urged users to apply the fixes as a matter of urgency.

With the IDN patch, Hoffman said the browser now will display the IDN Punycode in the address bar, effectively blocking the spoofing of URLs.

The problem is caused because of an unintended result of the IDN implementation, which allows the use of international characters in domain names.
Source: eWeek

Comments

  • RewiredRewired Member
    edited February 2005
    Where can I get the update?
  • edited February 2005
    Just download the new version from Mozilla.org, and install it over your current version.
Sign In or Register to comment.