Firefox and Opera Update Browsers
Mozilla has reacted to a browser feature that leaves customers open to URL spoofing and other scams with the release of Mozilla Firefox 1.01. The spoof exploited flaws in how the Firefox browser interprets the Unicode a character set, which can be used to create “homogenic” attacks, where two different combinations of characters in an HTML link can display the same URL, but send users to different sites. Clients can avoid the attack in Firefox and Mozilla by setting ‘network.enableIDN’ to false in the browser’s configuration.
With these updates, Mozilla Foundation has settled on a workaround where International Domain Names are displayed by Firefox 1.0.1 as by default so that spoofed websites are easier to spot. Additionally, the new Opera browser (Opera 8 Beta 2) comes with the white listing of top-level domains that have implemented anti-homographic character policies.
“This is obviously an unsatisfactory solution in the long term and it is hoped that a better fix can be developed in time for Firefox 1.1,” the Mozilla Foundation said in its advisory. “For now, the Mozilla Foundation (and other browser vendors such as Opera Software) maintain that the problem is mostly the fault of domain name registries and registrars that let people register homographic variants of existing domain names.”
Firefox developers are recommending the users to delete the old version first before upgrading to the latest security update. The latest version of this updated browser can be downloaded from the Mozilla Foundation website.
The Opera browser’s Opera 8 Beta 2 is also available online for download. Some other major changes in the updated release of Opera 8 Beta 2 are support for Atom Feed (Google GMail and Blogger Blogs use this format for RSS Syndication) and many other bug fixes. Google fans would be rejoiced that GMail, Google Maps, and Google Suggest all work fine with Opera now.