okay I get you
Its probably a phishing hole- where someone could ceate a domain name that contains odd characters that look like normal characters (ie. www.gόόgle.com). Browser with holes can get confused.
And most of the time, when a company releases new versions, they just add more code to the core set. This means that if you are using the first version, the newest version security issues pertain to you as well.
Mozilla and firefox contain the same core engine.
Grumble Grumble Grumble
This is more then just a simple Phishing obscuration problem. The CNET article mentions a buffer over-run issue. And anything with a buffer over-run problem has the possibility of a remote code exploit!!!Originally Posted by know1
I guess it probably would have helped my uderstanding of it had I read the article first.
DOH!
You're right, that serious stuff- and such a simple flaw too.
Grumble Grumble Grumble
Someone now claims to have developed a remote code exploit that takes advantage of this issue. This changes the issue from a potential problem to a very critical problem. It's only a matter of days before we start seeing this exploit used in the wild...
Related CNET article...
http://news.com.com/Hackers+work+to+...tml?tag=cd.top
The problem might be over soon, as the version 1.0.7 update (which has just gotten a release candidate) already has a fix to the IDN security flaw. Whether it's just a disablement or a real fix is a bit unclear, but by looking at the Burning Edge for Firefox pre-1.0.7 builds it looks like the current bug has already been fixed permamently.
Just remember to update your browsers when this thing comes out so that you'll have no problems with potential malicious websites.
Sources:
Firefox 1.0.7 Release candidates out (clicky)
The Burning Edge - pre- 1.0.7 releases (clicky)
人生フゥ~!!!
Posting Permissions
LinkBack URL
About LinkBacks
Bookmarks