Highly Critical Firefox Security Vulnerability Discovered--No Patch Available

[mandy]

a vulnerability in Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a user's system.

The flaw also exists in Mozilla and Netscape

http://secunia.com/advisories/16764 Firefox
http://secunia.com/advisories/16767/  Mozilla
http://secunia.com/advisories/16766/  Netscape

[Nat]

Hopefully there will be an updated to each browser soon.  I love each browser's solution (firefox, mozilla, netscape) to this critical vulnerability:  "Solution:  Don't browse untrusted web sites."  I can think of a better solution - they fix the problem and have patches or upgrades to the browsers.  I'm sure they will eventually but jeepers, what a silly thing to say for a solution.  A lot of people still trust the phishing emails they get about eBay, paypal, etc and enter their id's and passwords, how are the same people and others going to understand what a trusted site is and isn't?

[Nat]

I was just snooping around and found this on the mozilla site:

Security Advisory (September 9, 2005) The Mozilla Foundation is aware of a potentially critical security vulnerability in Mozilla and Firefox browsers' support for IDN, as reported publicly on September 8. There are currently no known active exploits of this vulnerability although a "proof of concept" has been reported. To protect yourself against this exploit, follow these instructions: https://addons.mozilla.org/messages/307259.html

source: http://www.mozilla.org/security/

[mandy]

Security researchers claim to have found ways to exploit a serious bug in Firefox and Mozilla web browsers, a sign that attacks could be on the way.

http://software.silicon.com/security/0,3...263,00.htm