Here's the fix for the Gecko spoofing vulnerability

elaich

1. Open up your compreg.dat file which is found in your profile directory.

2. Use "find" to find any instance of "IDN." There should be three
instances, 2 of them in the same line.

3. Put the symbol # in front of both lines, marking them as comments rather
than executables.

4. Save the file. When you restart the browser, IDN will no longer be in use
and the spoof will not work.

You go here to check it:

http://www.shmoo.com/idn/

You will now get a site not found box when you click on the spoofed links.
 
Vrodok the Troll

1. Open up your compreg.dat file which is found in your profile directory.

2. Use "find" to find any instance of "IDN." There should be three
instances, 2 of them in the same line.

3. Put the symbol # in front of both lines, marking them as comments rather
than executables.

4. Save the file. When you restart the browser, IDN will no longer be in use
and the spoof will not work.

You go here to check it:

http://www.shmoo.com/idn/

You will now get a site not found box when you click on the spoofed links.

Works nice. Thank you :)
 
Zo

Vrodok said:
Works nice. Thank you :)

Poster forgot to mention that if you install any extensions or themes, you have
to do the fix again, because the compreg.dat file updates itself back to the
original setting. A more permanent fix is being worked on.

Zo
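
The manual edit from the first post, scripted so it can be re-run whenever compreg.dat has been regenerated as Zo describes. This is an added example, not part of the original thread: the function names are hypothetical, and the sample text is constructed to match only the shape the post describes (three "IDN" hits, two on one line), not real compreg.dat content.

```python
import shutil
import sys
from pathlib import Path

NEEDLE = "IDN"  # the string the post says to search for (case-sensitive)

# Constructed sample, NOT real compreg.dat content: it only reproduces the
# shape the post describes (three "IDN" hits, two of them on one line).
SAMPLE = (
    "[SECTION-A]\n"
    "constructed/IDN-entry;1,{00000000-0000-0000-0000-000000000001}\n"
    "[SECTION-B]\n"
    "{00000000-0000-0000-0000-000000000001},,IDNService,IDN-module\n"
    "{00000000-0000-0000-0000-000000000002},,OtherService,other-module\n"
)


def comment_out_idn(text):
    """Prefix every live line containing NEEDLE with '#'. Returns (text, n_changed)."""
    lines = text.split("\n")  # split on LF only, so a trailing CR stays in place
    changed = 0
    for i, line in enumerate(lines):
        if NEEDLE in line and not line.startswith("#"):
            lines[i] = "#" + line
            changed += 1
    return "\n".join(lines), changed


def live_idn_lines(text):
    """Lines that mention NEEDLE and are not commented out (fix missing or reverted)."""
    return [l for l in text.split("\n") if NEEDLE in l and not l.startswith("#")]


def apply_to_file(path):
    """Apply the edit in place, keeping a .bak copy. Returns the number of lines changed."""
    path = Path(path)
    # latin-1 maps each byte to one character, so untouched bytes round-trip exactly.
    text = path.read_bytes().decode("latin-1")
    new_text, changed = comment_out_idn(text)
    if changed:
        shutil.copy2(path, path.with_name(path.name + ".bak"))
        path.write_bytes(new_text.encode("latin-1"))
    return changed


if __name__ == "__main__":
    changed = apply_to_file(sys.argv[1])
    print(f"{changed} line(s) commented out" if changed else "nothing to do: fix already in place")
```

Run it with the path to compreg.dat as its only argument; a second run reports nothing to do unless the file has gone back to its original setting.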
 
jason

elaich said:
1. Open up your compreg.dat file which is found in your profile
directory.

Okay I'm behind in my reading, but I take it this is unique to Firefox and
doesn't affect Mozilla? (I don't have a compreg.dat file in Mozilla.)
 
elaich

Okay I'm behind in my reading, but I take it this is unique to Firefox
and doesn't affect Mozilla? (I don't have a compreg.dat file in
Mozilla.)

It affects almost every browser BUT IE, even Opera. ALL of the Gecko
based browsers. IE is too stupid to use IDN.

I don't know if that's funny or downright sad.
 
jason

elaich said:
It affects almost every browser BUT IE, even Opera. ALL of the Gecko
based browsers. IE is too stupid to use IDN.

Okay thanks. I had looked for "compreg.dat" under C:\WINDOWS\Application
Data\Mozilla\Profiles. But it turns out it's in Program Files
 
