A vulnerability has been found in Firefox involving an IDN buffer overflow; it affects all versions.
There are two ways to patch it:
1. Download the patch file (click the link from within Firefox):
http://ftp.mozilla.org/pub/mozilla.org/fir…ches/307259.xpi
2. Edit the config:
2.1 Type about:config in the address bar and press Enter
2.2 Type network.enableIDN in the filter box
2.3 Double-click the network.enableIDN line so that its value becomes False
2.4 Restart Firefox
What Firefox and Mozilla users should know about the IDN buffer overflow security issue
On September 6 a security vulnerability affecting all versions of Mozilla Firefox and the Mozilla Suite was reported to Mozilla by Tom Ferris and on September 8th was publicly disclosed.
On September 9, the Mozilla team released a configuration change which, as a temporary measure to work around this problem, disables IDN in the browser. IDN functionality will be restored in a future product update. The fix is either a manual configuration change or a small download which will make this configuration change for the user. Instructions on administering these changes can be found below.
How to update
There are two methods for resolving this problem. The first method is to install a small download and the second method is to manually change the browser configuration. You only need to do one of the two.
Installing the Patch
* To install the security patch for Firefox or the Mozilla Suite, follow these instructions:
1. Firefox and Mozilla Suite users click this link: [http://ftp.mozilla.org/pub/mozilla.org/fir...ches/307259.xpi](http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.6/patches/307259.xpi)
2. In the Software Installation window, click the "Install Now" button.
3. Exit and restart your Mozilla or Firefox browser.
* To verify the fix in Firefox and the Mozilla Suite, be sure to restart the browser and then follow these steps:
1. In Firefox, click Help -> About Mozilla Firefox and verify that the user agent string contains "(noIDN)".
2. In the Mozilla Suite, click Help -> About Mozilla and verify that the user agent string contains "(noIDN)".
Manually Configuring the Browser
* To manually change the browser configuration for Firefox or the Mozilla Suite, follow these instructions:
1. Type about:config into the address field and hit Enter.
2. In the Filter toolbar, type network.enableIDN.
3. Right-click on the network.enableIDN item and select Toggle to change the value to false.
* To verify the fix in your Firefox or Mozilla application, be sure to restart the browser and then follow these steps.
1. Type about:config into the address field and hit Enter.
2. In the Filter toolbar, type network.enableIDN.
3. Ensure that the value for this item is set to false.
We value our users’ safety and security and will continue to make all efforts to release secure products and respond quickly when security vulnerabilities are identified in our software.
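A scripted form of the two verification procedures above, useful when many profiles have to be checked (an added example, not code from Mozilla or from the original post): it reads the `user_pref(...)` lines of a profile's prefs.js and user.js and reports whether network.enableIDN is effectively false, and separately checks a user agent string for "(noIDN)". The function names and the sample profile text are constructed for illustration; an absent pref is assumed to mean the built-in default, with IDN enabled.

```python
import re

# One preference line as stored in a profile's prefs.js / user.js, e.g.
#   user_pref("network.enableIDN", false);
# Anchored at line start, so commented-out lines ("// user_pref(...)") are ignored.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*(?P<value>.+?)\s*\)\s*;\s*$'
)

def read_pref(text, name):
    """Return the last value set for `name` in prefs text, or None if absent."""
    value = None
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group("name") == name:
            value = m.group("value")  # a later line overrides an earlier one
    return value

def idn_disabled(prefs_js, user_js=""):
    """True only if the effective network.enableIDN value is false.

    user.js is applied on top of prefs.js at startup, so it wins when both
    set the pref. Assumption: a missing pref means the default (IDN enabled).
    """
    effective = read_pref(user_js, "network.enableIDN")
    if effective is None:
        effective = read_pref(prefs_js, "network.enableIDN")
    return effective == "false"

def ua_shows_patch(user_agent):
    """Check used for the .xpi patch: the user agent string contains "(noIDN)"."""
    return "(noIDN)" in user_agent

# Constructed sample profile contents (not taken from a real profile).
SAMPLE_WORKAROUND = (
    '# Mozilla User Preferences\n'
    'user_pref("browser.startup.homepage", "about:blank");\n'
    'user_pref("network.enableIDN", false);\n'
)
SAMPLE_DEFAULT = 'user_pref("browser.startup.homepage", "about:blank");\n'
SAMPLE_USER_JS_REENABLES = 'user_pref("network.enableIDN", true);\n'

if __name__ == "__main__":
    print("workaround applied:", idn_disabled(SAMPLE_WORKAROUND))
    print("default profile:   ", idn_disabled(SAMPLE_DEFAULT))
    print("user.js re-enables:", idn_disabled(SAMPLE_WORKAROUND, SAMPLE_USER_JS_REENABLES))
```

A user.js that sets the pref back to true silently undoes the manual change at every start, which the about:config check on a running browser would also show as true.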