In the aftermath of the exposure of a serious Web browser flaw in Firefox, the Mozilla Foundation is offering a temporary fix for the issue. The flaw, which was disclosed late Thursday by security researcher Tom Ferris, could let attackers secretly run malicious software on users' PCs, and arises from the way the Firefox and Mozilla browsers handle International Domain Names, or IDNs. IDNs are domain names that use local language characters, and the fix is basically to disable support for this.
"This is a temporary work-around just to deal with the immediate issue," Mike Schroepfer, director of engineering at Mozilla, said. "We're working on a future release in which we will actually fix the problem and re-enable the IDN feature." Switching off IDN support impacts a subset of Firefox and Mozilla users who actually use such special domain names, he said.