MozillaZine

IDN spoofing vulnerability: temporary fix (works 100%)

User Help for Mozilla Firefox
johnzap
 
Posts: 16
Joined: April 3rd, 2004, 8:21 pm

Post Posted February 7th, 2005, 5:37 pm

Added by Vectorspace:
A newly discovered security vulnerability in Firefox allows websites to to spoof the url in the address bar, status bar, and certificate. FOr more information, go here: http://secunia.com/multiple_browsers_idn_spoofing_test/
Below is a temporary fix - it disables the feature that allows this until a more permanent fix is provided.

The workaround for firefox seems to be an edit to your compreg.dat.

For windows
c:\Documents and Settings\$USER\Application Data\Mozilla\Firefox\Profiles\default.random\compreg.dat

For UNIX
~/.mozilla/firefox/default.random/compreg.dat

Removing the line that references IDN makes the problem go away. Using Find, there was a single reference for the UNIX host and 2 for the Win32 host. Removing the lines and restarting the browser makes the attack fail regardless of the about:config/userprefs.js value.

Here's an example entry.

{4byteshex-2byteshex-2byteshex-2byteshex-6byteshex},@mozilla.org/network/idn-service;1,,nsIDNService,rel:libnecko.so


This was extracted from this link: http://www.dslreports.com/forum/remark, ... 9~start=20

Instead of deleting the line (1 in Linux) or lines (2 in Win) you can just comment them out by using the character # .

Did it and it works.

monkeyman
 
Posts: 1183
Joined: April 2nd, 2003, 11:07 pm

Post Posted February 7th, 2005, 7:06 pm

It sure does. Thanks. :D

Justsayno

User avatar
 
Posts: 52
Joined: November 19th, 2004, 9:59 am

Post Posted February 7th, 2005, 7:16 pm

Less than 12 hours from 'found' to 'fixed', Hmmmmm, not bad, not bad at all.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2, Windows XP pro, P4 3GHZ HT, 1GB DDR SDRAM

monkeyman
 
Posts: 1183
Joined: April 2nd, 2003, 11:07 pm

Post Posted February 7th, 2005, 7:24 pm

This should probably be a "sticky" for a while.

lynchknot
 
Posts: 6253
Joined: November 4th, 2002, 7:36 pm

Post Posted February 7th, 2005, 8:41 pm

lol - posted 4:01pm: http://forums.mozillazine.org/viewtopic ... t=#1216193 - but I posted in it's thread - did not start my own.

AnonEmoose
 
Posts: 2031
Joined: February 6th, 2004, 11:59 am

Post Posted February 7th, 2005, 10:44 pm


em_te

User avatar
 
Posts: 357
Joined: June 13th, 2004, 1:03 am

Post Posted February 7th, 2005, 10:57 pm

Justsayno wrote:Less than 12 hours from 'found' to 'fixed', Hmmmmm, not bad, not bad at all.

Not really. The exploit was first posted on Jan 19th according to the advisory which was about 2.5 weeks ago. But still a lot better than IE's track record though.

Vectorspace
Moderator

User avatar
 
Posts: 14455
Joined: November 27th, 2003, 4:50 am
Location: Warwickshire, UK

Post Posted February 8th, 2005, 1:44 am

I'll Sticky it.
Question - what does the feature we're disabling do?

A more clear description of what you need to do:

1. Find your profile. The location varies with operating system:
Windows XP/2000: C:\Documents and Settings\[User Name]\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\
Windows NT: C:\WINNT\Profiles\[UserName]\Application Data\Mozilla\Firefox\xxxxxxxx.default\
Windows 95/98/Me: C:\Windows\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\
Windows 95/98/Me(with user logon): C:\Windows\Profiles\[UserName]\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\
Linux: ~/.mozilla/firefox/xxxxxxxx.default/
MacOS X: ~/Library/Application Support/Firefox/xxxxxxxx.default/
MacOS X (alternate): ~/Library/Mozilla/Firefox/Profiles/<Profile name>/
xxxxxxxx is a string of 8 random letters/numbers. You may need to enable the viewing of hidden files/folders to find it.

2. Back up the file 'compreg.dat'

3. Right-click on the file 'compreg.dat' and open it with a text editing program - something more advanced that notepad, like wordpad.

4. Use the Find command to search for IDN. Add a # to the beginning of every line containing the text IDN

5. Save the file and exit, and restart Firefox.
"All things being equal, the simplest answer is usually the correct one" - Occam's Razor
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0

Hendikins

User avatar
 
Posts: 26
Joined: December 31st, 1969, 5:00 pm
Location: On a train

Post Posted February 8th, 2005, 1:58 am

Vectorspace wrote:I'll Sticky it.


You're about 6 hours too late :-)

Vectorspace
Moderator

User avatar
 
Posts: 14455
Joined: November 27th, 2003, 4:50 am
Location: Warwickshire, UK

Post Posted February 8th, 2005, 2:01 am

I can't believe I missed that. D'oh!
"All things being equal, the simplest answer is usually the correct one" - Occam's Razor
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0

Hendikins

User avatar
 
Posts: 26
Joined: December 31st, 1969, 5:00 pm
Location: On a train

Post Posted February 8th, 2005, 2:02 am

Maybe it shows that we need to reduce the number of sticky threads around here, and maybe only use them for temporary stuff (like this) *grin*

Captn

User avatar
 
Posts: 43
Joined: May 18th, 2004, 2:06 pm

Post Posted February 8th, 2005, 2:48 am

Vectorspace wrote:I'll Sticky it.
Question - what does the feature we're disabling do?

A more clear description of what you need to do:

1. Find your profile. The location varies with operating system:
Windows XP/2000: C:\Documents and Settings\[User Name]\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\
Windows NT: C:\WINNT\Profiles\[UserName]\Application Data\Mozilla\Firefox\xxxxxxxx.default\
Windows 95/98/Me: C:\Windows\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\
Windows 95/98/Me(with user logon): C:\Windows\Profiles\[UserName]\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\
Linux: ~/.mozilla/firefox/xxxxxxxx.default/
MacOS X: ~/Library/Application Support/Firefox/xxxxxxxx.default/
MacOS X (alternate): ~/Library/Mozilla/Firefox/Profiles/<Profile name>/
xxxxxxxx is a string of 8 random letters/numbers. You may need to enable the viewing of hidden files/folders to find it.

2. Back up the file 'compreg.dat'

3. Right-click on the file 'compreg.dat' and open it with a text editing program - something more advanced that notepad, like wordpad.

4. Use the Find command to search for IDN. Add a # to the beginning of every line containing the text IDN

5. Save the file and exit, and restart Firefox.


So is this the correct way to do it?

Example: #@mozilla.org/network/idn-service;1,{62b778a6-bce3-456b-8c31-2865fbb68c91}

I only found 2 lines that contain IDN in them with the "Find" is this correct also. Thank You in advance.

ceb_it
Guest
 

Post Posted February 8th, 2005, 3:01 am

Any link to test it?

johnzap
 
Posts: 16
Joined: April 3rd, 2004, 8:21 pm

Post Posted February 8th, 2005, 3:41 am

Captn wrote:So is this the correct way to do it?

Example: #@mozilla.org/network/idn-service;1,{62b778a6-bce3-456b-8c31-2865fbb68c91}

I only found 2 lines that contain IDN in them with the "Find" is this correct also. Thank You in advance.


Yes, that is correct. Just comment out those 2 lines you found and that's it. But beware if you add things to FF, the compreg.dat will be regenerated and those 2 lines will be de-commented again.

johnzap
 
Posts: 16
Joined: April 3rd, 2004, 8:21 pm

Post Posted February 8th, 2005, 3:42 am


Return to Firefox Support


Who is online

Users browsing this forum: No registered users and 11 guests