On Thu, 17 Feb 2005 00:44:14 -0500 Gene Heskett <gene.heskett@xxxxxxxxxxx> wrote: > On Wednesday 16 February 2005 20:02, Robert Storey wrote: > > >Let me add to what I wrote above. You can (and should) turn off the > >internationalization feature in Mozilla and Firefox. > > > >"The attack can be disabled in Firefox and Mozilla by setting > >'network.enableIDN' to false in the browser's configuration (enter > >about:config in the address bar to access the configuration > > functions). The Mozilla development team today made this the > > default setting. Users who want IDN support will be able to turn it > > on, but will be warned about the risks involved." > > I've done this, to copies of both that are about a month old. Is this > > really sufficient? Yes, that's all you really need to do to stop this particular exploit. Of course, that's no guarantee that some other exploit won't be uncovered in the future. I guess it should be pointed out that IDN support is not a bug, it's a feature. Unfortunately, it's a feature that could be used by those with a mind to do evil. cheers, Robert
