> >IDN Heap Buffer overrun in FireFox on WinXP and Win2k3 as long as DEP is
> >higher success ratio. It has also revealed that not only FireFox is
> >vulnerable to this vulnerability, but the exact same exploit works on the
> >latest releases of all these products based on the Mozilla engine:
> >- Mozilla FireFox 1.0.6 and 1.5beta,
> >- Mozilla Browser 1.7.11,
> >- Netscape 22.214.171.124 <http://126.96.36.199>.
> >Recommendations for this vulnerability:
> >- FireFox and Mozilla: Install the workaround for (
> >- Netscape: hope they'll respond to this email and release a workaround.
> >- Wait for a patch and install it asap.
> >Recommendations to make it harder to exploit any FireFox vulnerability:
> >- Turn on DEP (Data Execution Prevention),
> >- Switch to another browser,
> >- Do not browse untrusted sites,
> >- Do not browse the web at all,
> >- Unplug your machine from the web,
> >- Wear a tinfoil hat.
> BTW: From where is that security [at] netscape.org address?
> An official security URL to Netscape is "Netscape Browser Bug Submission
> Form" at
> (www.netscape.org redirects to home.netscape.com/ , of course they have
> netscape.org, netscape.net etc.)
> For version 7.2 (and 7.x?) it is the following:
> Two separate addresses due to different developer teams, according to
> my knowledge. Is there any new information?