Looking For

What Firefox and Mozilla users should know about the IDN buffer overflow security issue

On September 6, 2005, a security vulnerability affecting all versions of Mozilla Firefox and the Mozilla Suite was reported to Mozilla by Tom Ferris and on September 8th was publicly disclosed.

On September 9, 2005, the Mozilla team released a configuration change which resolves this problem by explicitly disabling IDN in the browser. The fix is either a manual configuration change or a small download which will make this configuration change for the user.

On September 21, 2005, the Mozilla team released version Firefox 1.0.7 which fixed the IDN buffer overflow. As of that version it is no longer necessary to disable IDN. All users are urged to upgrade to the latest version of Firefox.

Get Firefox.