|
阅读:3271回复:11
FF 的临时补丁,仅建议极度缺乏安全感人士使用
就是刚刚那个缓冲区溢出的补丁了。
下载 http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.6/patches/307259.xpi Mozilla offers temporary fix for Firefox flaw By Joris Evers http://news.com.com/2102-1002_3-5857511 ... util.print Story last modified Fri Sep 09 17:32:00 PDT 2005 Responding to the disclosure of a serious Web browser flaw, the Mozilla Foundation offered on Friday a temporary fix to protect Firefox and Mozilla users. The downloadable fix protects against attacks that take advantage of a new, unpatched flaw that could let attackers secretly run malicious software on users' PCs. The flaw was disclosed late Thursday by security researcher Tom Ferris, sending Mozilla staff into damage-control mode. The problem has to do with the way the Firefox and Mozilla browsers handle International Domain Names, or IDNs, said Mike Schroepfer, director of engineering at Mozilla. IDNs are domain names that use local language characters. The fix disables support for such Web addresses, he said. "This is a temporary work-around just to deal with the immediate issue," Schroepfer said. "We're working on a future release in which we will actually fix the problem and re-enable the IDN feature." Switching off IDN support impacts a subset of Firefox and Mozilla users who actually use such special domain names, he said. Though there is no known attack that takes advantage of the flaw, Mozilla advises Firefox and Mozilla users to disable IDN. "Luckily we do not have any known use of this exploit, but it is fairly critical if there were to be (an attack), so this is a recommended download," Schroepfer said. Mozilla expects to fix the vulnerability in beta 2 of Firefox 1.5, the next release of the open-source Web browser. Beta 2 is due Oct. 5 and the final release of 1.5 is expected by year's end, Schroepfer said. In addition to the downloadable fix, Mozilla on its Web site also offers instructions to manually disable IDN: Type "about:config" in the address bar, hit Enter; type "network.enableIDN" in the filter toolbar, hit Enter; right-click the "network.enableIDN" item and select Toggle to change value to false. IDNs have caused trouble for Mozilla in the past. A Firefox security update in February fixed a flaw that would allow domain spoofing using the special domain names. A spoofed link would seem to be a legitimate address, but instead of taking the victim to the trusted site, the link would lead to a phony Web site. Though vulnerabilities in Microsoft's Internet Explorer have been the focus of much of the concern, other browsers also have had their fair share of flaws. Security has been a main selling point for Firefox over IE, which has begun to see its market share dip slightly--for the first time in years. However, Firefox has had its own security woes. Several serious holes in the browser have been plugged since its official release, and experts have said that safe Web browsers don't exist. |
|
|
1楼#
发布于:2005-09-11 02:04
Fedora Core 4 Linux 的 Firefox 版本更新至 1.0.6-1.2,已经打上了这个补丁。
|
|
|
2楼#
发布于:2005-09-11 02:04
最新的1.5有没有打上这个补丁???
|
|
|
|
3楼#
发布于:2005-09-11 02:04
在 about:config 取消 idn 支持就可以。那个 xpi 也只是改这个设置,没需要。
http://forums.mozillazine.org/viewtopic.php?t=315499 |
|
|
|
4楼#
发布于:2005-09-11 02:04
原来如此啊.........
|
|
|
|
5楼#
发布于:2005-09-11 02:04
abc@home:在 about:config 取消 idn 支持就可以。那个 xpi 也只是改这个设置,没需要。 ABC老兄,有件事情我一直搞不明白,怎么你的FIREFOX是WACKO核心,大家用的FIREFOX都是GECKO核心呢?我在GOOGLE上也没找到这个WACKO是什么东东?可以满足一下我的好奇心吗?谢谢! |
|
|
6楼#
发布于:2005-09-11 02:04
Fx的一大特点就是可改造性比较强,只要你懂就可以按照自己的想法来做。
|
|
|
|
7楼#
发布于:2005-09-11 02:04
同意!
|
|
|
8楼#
发布于:2005-09-11 02:04
用户被禁言,该主题自动屏蔽! |
|
|
9楼#
发布于:2005-09-11 02:04
|
|
|
|
10楼#
发布于:2005-09-11 02:04
|
|
|
11楼#
发布于:2005-09-11 02:04
还有那个WACKO是怎么改出来的啊?我也想想玩玩。请多指教。
|
|
