You are currently viewing a snapshot of taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to, please file a bug.

What Firefox and Mozilla users should know about the IDN buffer overflow security issue

On September 6, 2005, a security vulnerability affecting all versions of Mozilla Firefox and the Mozilla Suite was reported to Mozilla by Tom Ferris and on September 8th was publicly disclosed.

On September 9, 2005, the Mozilla team released a configuration change which resolves this problem by explicitly disabling IDN in the browser. The fix is either a manual configuration change or a small download which will make this configuration change for the user.

On September 21, 2005, the Mozilla team released version Firefox 1.0.7 which fixed the IDN buffer overflow. As of that version it is no longer necessary to disable IDN. All users are urged to upgrade to the latest version of Firefox.

Get Firefox.