This is a very new security issue, but it's also extremely easy to resolve. The next release of Firefox will have this fix, but if you are using 1.0.6 or earlier, all you have to do is type in:

about:config

into the address bar.

Then use the 'Filter' field, and copy in this:

network.enableIDN

this will bring up the network.enableIDN option.

click on the item below, then right click on the highlighted area. Select 'toggle'. This will change it from 'true' to 'false'. If it was already set to 'false' of course don't do anything, you're already protected.

If you need more instructions, including the optional xpi patch that will do the above automatically, just go to the Mozilla/Firefox page and follow the directions there.

But this is all it takes.

The security hole will be fixed on the next Firefox release. As usual, this exploit was not used in the wilds, but was detected by security researchers and the patch was released within hours of the announcement.
Back to top

Got it, thanks!
Back to top