Hot-screensaver

Responding to reports this week of a dangerous security flaw in its popular Firefox Web browser, Mozilla released a fix to protect Firefox and Mozilla users.

This unpatched flaw could let attackers secretly run malicious software on users’ PCs. Mike Schroepfer, director of engineering at Mozilla is quoted, “The problem has to do with the way Firefox and Mozilla browsers handle International Domain Names, or IDNs. IDNs are domain names that use local language characters. The fix disables support for such Web addresses”.

Mozilla expects to fix the vulnerability in beta 2 of Firefox 1.5, the next release of the open-source Web browser. Beta 2 is due Oct. 5 and the final release of 1.5 is expected by year’s end, Schroepfer said.

Firefox and Mozilla users can apply the patch by visiting this link, and then clicking on “Install now” in the window that pops up. Afer it is fully downloaded and installed, close and restart Firefox or Mozilla.

To verify that the fix is installed correctly:
In your web browser, click Help -> About Mozilla Firefox and verify that the user agent string contains “(no IDN)”. See screenshot: