
Firefox 1.0.1 Security Update Released


Firefox 1.0.1 Security Update Released -- The Mozilla Organization last week released Firefox 1.0.1 for all platforms, which fixes a number of small security holes or potential problems, notably the homograph spoofing problem we've talked about recently in TidBITS (see "Don't Trust Your Eyes or URLs" in TidBITS-766). The updated version includes a new preference, network.IDN_show_punycode, which is set to true. (To access this preference, enter "about:config" in the Location field and press Return; it's probably easiest to then type "IDN" in the Filter field to display the preference.)

<http://www.mozilla.org/products/firefox/all.html>
<http://www.mozilla.org/projects/security/known-vulnerabilities.html>
<http://db.tidbits.com/article/07983>

Instead of seeing the actual display of international characters in domain names, you'll see the punycode or Unicode-to-Roman mapping when you visit a site that is attempting to pass itself off as another site using this technique. The Shmoo Group, which exposed this visual vulnerability, has a demonstration on its site. The second o in shmoo in the links at the top of that page is a homograph, or a letter that looks like another letter. Before Firefox 1.0.1, the links and the destination of the fake domains at the top of that page would read "http://www.theshmoogroup.com/". Now they appear as "http://www.xn--theshmogroup-bgk.com/".

<http://www.shmoo.com/idn/>
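To see the mapping for yourself, here is an added example (not code from Firefox or The Shmoo Group) that converts a hostname to the punycode form the browser now displays and reports which labels mix scripts. The sample host is constructed with Cyrillic small o (U+043E) as the second o in shmoo, which encodes to the name quoted above; the helper names and the script check based on Unicode character names are assumptions of this sketch.

```python
import unicodedata

# Constructed sample: "theshmoogroup" with the second o of "shmoo"
# replaced by CYRILLIC SMALL LETTER O (U+043E).
SPOOFED = "www.theshmo\u043egroup.com"


def script_of(ch):
    """Rough script tag: the first word of the Unicode character name.

    Assumption of this sketch: that is enough to tell LATIN from
    CYRILLIC, GREEK and so on; it is not a full Unicode script lookup.
    """
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def display_host(host):
    """Return the host in its ASCII (punycode) form, label by label."""
    return host.encode("idna").decode("ascii")


def inspect_host(host):
    """Report, for each label, its ASCII form and the scripts of its letters."""
    report = []
    for label in host.split("."):
        scripts = sorted({script_of(c) for c in label if c.isalpha()})
        report.append({
            "label": label,
            "ascii": label.encode("idna").decode("ascii"),
            "scripts": scripts,
            # More than one script inside a single label is the homograph signal.
            "mixed": len(scripts) > 1,
        })
    return report


if __name__ == "__main__":
    print(display_host(SPOOFED))
    for entry in inspect_host(SPOOFED):
        flag = "MIXED SCRIPTS" if entry["mixed"] else "ok"
        print(f'{entry["ascii"]:<28} {"+".join(entry["scripts"]):<16} {flag}')
```

A label written entirely in one non-Latin script is not flagged as mixed here, but it still shows up in its xn-- form, which is the cue the new preference gives you.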

The English version of Firefox 1.0.1 for Mac OS X is an 8.7 MB download; note that not all language versions have been updated yet.
