Security Fix?

Discussion in 'Firefox' started by John, Sep 10, 2005.

  1. John

    John Guest

    http://blogs.washingtonpost.com/securityfix/2005/09/mozilla_issues_.html
    lists a "security Fix" for Mozilla Firefoz, with a clickable link to download
    the patch.

    When I tried, a line appeared "To protect your computer, Firefox prevented this
    site (http://blogs.washingtonpost.com) from installing software on your
    computer.

    Question: Is the patch required?
    Question: Is http://blogs.washingtonpost.com a trustworthy site for this
    purpose?

    Thanks for your help!

    John <><

    A wise monkey is a monkey who doesn't monkey
    with an other monkey's monkey.
    John, Sep 10, 2005
    #1
    1. Advertising

  2. John <>< wrote:

    > http://blogs.washingtonpost.com/securityfix/2005/09/mozilla_issues_.html
    > lists a "security Fix" for Mozilla Firefoz, with a clickable link to download
    > the patch.
    >
    > When I tried, a line appeared "To protect your computer, Firefox prevented this
    > site (http://blogs.washingtonpost.com) from installing software on your
    > computer.
    >
    > Question: Is the patch required?


    Most folk seem to think it's required.

    > Question: Is http://blogs.washingtonpost.com a trustworthy site for this
    > purpose?


    Don't know. But I got the patch from mozilla.org, and I'd think it's
    about as trustworthy as you could get:

    https://addons.mozilla.org/messages/307259.html

    --
    Baxter
    Baxter Tocher, Sep 10, 2005
    #2
    1. Advertising

  3. John

    John Guest

    On Sat, 10 Sep 2005 17:15:53 +0100, Baxter Tocher <> wrote:


    >
    >Don't know. But I got the patch from mozilla.org, and I'd think it's
    >about as trustworthy as you could get:
    >
    >https://addons.mozilla.org/messages/307259.html


    Thanks, Baxter!

    John <><

    A wise monkey is a monkey who doesn't monkey
    with an other monkey's monkey.
    John, Sep 10, 2005
    #3
  4. John

    Jedi Fans Guest

    John <>< wrote:
    > http://blogs.washingtonpost.com/securityfix/2005/09/mozilla_issues_.html
    > lists a "security Fix" for Mozilla Firefoz, with a clickable link to download
    > the patch.
    >
    > When I tried, a line appeared "To protect your computer, Firefox prevented this
    > site (http://blogs.washingtonpost.com) from installing software on your
    > computer.
    >
    > Question: Is the patch required?
    > Question: Is http://blogs.washingtonpost.com a trustworthy site for this
    > purpose?
    >
    > Thanks for your help!
    >
    > John <><
    >
    > A wise monkey is a monkey who doesn't monkey
    > with an other monkey's monkey.

    <http://www.mozilla.org/security/idn.html>

    --
    Hope This Helped and MTFBWY...
    Kieren aka JediFans - <URL:http://jedifans.com/>
    The Force Is With Me, SuSE Linux Professional 9.3, Mozilla Firefox
    1.0.6, Mozilla Thunderbird 1.5 Alpha 2 and Revenge Of The Sith!
    Jedi Fans, Sep 10, 2005
    #4
  5. John

    Ed Mullen Guest

    Jedi Fans wrote:

    > John <>< wrote:
    >
    >> http://blogs.washingtonpost.com/securityfix/2005/09/mozilla_issues_.html
    >> lists a "security Fix" for Mozilla Firefoz, with a clickable link to
    >> download
    >> the patch.
    >>
    >> When I tried, a line appeared "To protect your computer, Firefox
    >> prevented this
    >> site (http://blogs.washingtonpost.com) from installing software on your
    >> computer.
    >>
    >> Question: Is the patch required?
    >> Question: Is http://blogs.washingtonpost.com a trustworthy site for this
    >> purpose?
    >>
    >> Thanks for your help!
    >>
    >> John <><
    >>
    >> A wise monkey is a monkey who doesn't monkey with an other monkey's
    >> monkey.

    >
    > <http://www.mozilla.org/security/idn.html>
    >


    Does anyone know how this vulnerability is different from the one
    discovered way back in FF 1.0 and Moz Suite 1.7.5 (and fixed in 1.0.1
    and 1.7.6 respectively)? As far as I can tell the previous fix handles
    this as well.


    --
    Ed Mullen
    http://edmullen.net
    http://mozilla.edmullen.net
    A husband is someone who takes out the trash and gives the impression he
    just cleaned the whole house.
    Ed Mullen, Sep 10, 2005
    #5
  6. John

    Arne Guest

    Once upon a time *Ed Mullen* wrote:

    > Jedi Fans wrote:
    >
    >> John <>< wrote:
    >>
    >>> http://blogs.washingtonpost.com/securityfix/2005/09/mozilla_issues_.html
    >>> lists a "security Fix" for Mozilla Firefoz, with a clickable link to
    >>> download
    >>> the patch.
    >>>
    >>> When I tried, a line appeared "To protect your computer, Firefox
    >>> prevented this
    >>> site (http://blogs.washingtonpost.com) from installing software on your
    >>> computer.
    >>>
    >>> Question: Is the patch required?
    >>> Question: Is http://blogs.washingtonpost.com a trustworthy site for this
    >>> purpose?
    >>>
    >>> Thanks for your help!
    >>>
    >>> John <><
    >>>
    >>> A wise monkey is a monkey who doesn't monkey with an other monkey's
    >>> monkey.

    >>
    >> <http://www.mozilla.org/security/idn.html>
    >>

    >
    > Does anyone know how this vulnerability is different from the one
    > discovered way back in FF 1.0 and Moz Suite 1.7.5 (and fixed in 1.0.1
    > and 1.7.6 respectively)? As far as I can tell the previous fix handles
    > this as well.
    >


    I just manually configured my Moz Suite 1.7.8 (in about:config). I
    don't know the difference, but if it was fixed i 1.7.5 why do I now
    have to change network.enableIDN value to "false" as it says on the
    page above? Mine was set to "true" until I just changed it.



    --
    /Arne
    You will be ignored if you top post, don't quote what
    you are replying to and cut of only the signatures!
    http://www.safalra.com/special/googlegroupsreply/
    Arne, Sep 10, 2005
    #6
  7. John

    Ed Mullen Guest

    Arne wrote:
    > Once upon a time *Ed Mullen* wrote:
    >
    >
    >>Jedi Fans wrote:
    >>
    >>
    >>>John <>< wrote:
    >>>
    >>>
    >>>>http://blogs.washingtonpost.com/securityfix/2005/09/mozilla_issues_.html
    >>>>lists a "security Fix" for Mozilla Firefoz, with a clickable link to
    >>>>download
    >>>>the patch.
    >>>>
    >>>>When I tried, a line appeared "To protect your computer, Firefox
    >>>>prevented this
    >>>>site (http://blogs.washingtonpost.com) from installing software on your
    >>>>computer.
    >>>>
    >>>>Question: Is the patch required?
    >>>>Question: Is http://blogs.washingtonpost.com a trustworthy site for this
    >>>>purpose?
    >>>>
    >>>>Thanks for your help!
    >>>>
    >>>>John <><
    >>>>
    >>>>A wise monkey is a monkey who doesn't monkey with an other monkey's
    >>>>monkey.
    >>>
    >>><http://www.mozilla.org/security/idn.html>
    >>>

    >>Does anyone know how this vulnerability is different from the one
    >>discovered way back in FF 1.0 and Moz Suite 1.7.5 (and fixed in 1.0.1
    >>and 1.7.6 respectively)? As far as I can tell the previous fix handles
    >>this as well.
    >>

    >
    >
    > I just manually configured my Moz Suite 1.7.8 (in about:config). I
    > don't know the difference, but if it was fixed i 1.7.5 why do I now
    > have to change network.enableIDN value to "false" as it says on the
    > page above? Mine was set to "true" until I just changed it.
    >
    >
    >


    Mine was set to "false" but will not swear that I didn't change it prior
    to this. My suspicisions come from the research I did at the time of
    the original alert. See:

    mozilla.edmullen.net/moz_idn.html
    mozilla.edmullen.net/moz_idn_proxy.html

    It's a bad alert that doesn't fully explain the exploit, doesn't provide
    a test of the fix, or doesn't detail how this differs from one of the
    same descriptive name of several months ago.


    --
    Ed Mullen
    http://edmullen.net
    http://mozilla.edmullen.net
    Chastity is curable if detected early.
    Ed Mullen, Sep 11, 2005
    #7
  8. John

    Splibbilla Guest

    Baxter Tocher <> in news::

    > https://addons.mozilla.org/messages/307259.html


    On September 9, the Mozilla team released a configuration change which, as a temporary measure to work around this problem,
    disables IDN in the browser.

    network.enableIDN
    this was set "true" in recent dl:
    Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.8b4) Gecko/20050911 Firefox/1.4
    (sept 11)

    but i guess the newest installs would set the pref to false?
    Splibbilla, Sep 14, 2005
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. COMSOLIT Messmer

    IT-Security, Security, e-security

    COMSOLIT Messmer, Sep 5, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    595
    COMSOLIT Messmer
    Sep 5, 2003
  2. Nick

    security fix

    Nick, Jan 5, 2006, in forum: Computer Security
    Replies:
    1
    Views:
    497
    Jason
    Jan 5, 2006
  3. Mosley Jones III
    Replies:
    10
    Views:
    1,255
    Victor
    Oct 8, 2006
  4. - Bobb -

    adobe security issue / fix messes up my dual boot PC

    - Bobb -, Sep 17, 2010, in forum: Computer Information
    Replies:
    0
    Views:
    446
    - Bobb -
    Sep 17, 2010
  5. - Bobb -

    Microsoft issues its biggest-ever security fix

    - Bobb -, Oct 13, 2010, in forum: Computer Information
    Replies:
    11
    Views:
    585
    JBieber
    Oct 14, 2010
Loading...

Share This Page