For those people I know who wouldn’t otherwise know about this:
Excerpt:
Firefox 1.0.1 out, squashes most security bugs
The first update to open-source browser Firefox is out. Released late yesterday, Firefox 1.0.1 aims to fix a slew of vulnerabilities. Foremost among those are domain-spoofing and cross-site scripting bugs. According to the Mozilla Foundation, 1.0.1’s release was pushed forward in order to take care of the International Domain Name bug. That particular bug results from Firefox’s implement of the IDN specification which allows the use of non-English characters in URL names. So substituting the “a” in amazon.com with а will result in Firefox displaying “%u0430mazon.com” in the address bar, while directing users to an entirely different site. The IDN issue is not unique to Firefox, as it also affects Opera, Safari, and OmniWeb %u2014 but not Internet Explorer.
Leave a Reply
You must be logged in to post a comment.