Mozilla Drops IDN Support Due to Flaw
By David Worthington | Published February 15, 2005, 6:47 PM
Mozilla developers are closing the door on phishing schemes that exploit a widely reported flaw in the Internationalized Domain Names (IDN) specification. Upcoming builds of Firefox 1.0.1, Mozilla 1.7.6 and Mozilla 1.8 beta will have IDN disabled as a temporary corrective measure to protect users from identity theft.
IDN is presently enabled by default in Firefox, Mozilla, Opera, and Apple's Safari Web browsers. Microsoft's Internet Explorer does not have native IDN support and therefore is not affected by the problem.
The flaw permits malicious users to "spoof" legitimate Web pages by taking advantage of how some Web browsers display the Unicode character set used by IDN. Because characters from different scripts can look identical (homographs), a specially crafted link can mimic a trusted URL in a browser's address bar, SSL certificate and status bar, yet take the user to another location.
Unicode is the globally recognized successor to the US-English-only ASCII character set.
"This is obviously an unsatisfactory solution in the long term and it is hoped that a better fix can be developed in time for Firefox 1.1," read a statement issued by a Mozilla spokesperson. "For now, the Mozilla Foundation (and other browser vendors such as Opera Software) maintain that the problem is mostly the fault of domain name registries and registrars that let people register homographic variants of existing domain names."
The Mozilla team is brainstorming long term solutions, which include a mixture of warning bars, icons and tooltips.
In a follow up statement, developers said that they did not want to, "have the disadvantage of discriminating against IDN as a class of domains," and stressed that they did not intend to be "Anglocentric" by restricting character sets.
So it MAY take you to another site.
At least it doesn't allow code to, say, format your HD, or just bomb your comp like 95% of the stuff does for IE.
Every time I see a patch or flaw with IE it's a security issue; in 2004 there were like what, 2-3 dozen of those & all of them had to do with users being able to take over your system directly, not be pushed to another site.
Besides, it is an IDN issue, not Mozilla, Opera or KDE.
Catch a clue, buy a vowel!
Score: 0
Can't fix it, or patch it in time, so they disable it, sorry POS, and they also blame.... "For now, the Mozilla Foundation (and other browser vendors such as Opera Software) maintain that the problem is mostly the fault of domain name registries and registrars that let people register homographic variants of existing domain names."
when the bottom line is their browser is the last point to make sure these things don't happen.
Score: 0
Read the article - the problem is in the IDN specification itself NOT the browser. Microsoft hasn't added support because IE hasn't been updated since XP in 2001. It's not because IE is better that it's unaffected, it's because development has been slow and so Microsoft got lucky.
But again, this is a specification issue. Which means VeriSign and ICANN need to go back to the drawing board and figure out another option.
Score: 0
nate,
I totally agree. Because Microsoft has been slackers with IE they did get lucky on this one. There is no need for IDN in a browser anyway. At least for 95% of the users.
Score: 0
Agreed. Not that I blame them, but VeriSign is primarily promoting IDN because it means... more domain names! More domain names means... more money!
And in reality, IDN is really going to cause more trouble and confusion than it's worth.
Score: 0
I laugh at you for such comments.
First of all, if MS had this problem, they would call it a "security update" or a "patch," not disabling a feature - this is a feature that MS doesn't even support btw. MS once called the act of uninstalling their version of Java an "update" when it was really legal issues - what do you think about that? I dunno, maybe they were supposed to make it sound good, which it was, except to MS.
2nd, disabling this feature will bring Firefox to the same point as MS on that particular feature.
I have been paying more attention to betanews lately, and the articles they put out always make MS look good, and articles such as this make open source, ms's competition, look bad.
Score: 0
"more domain names! More domain names means... more money!"
And that's... bad?
Score: 0
That can be argued both ways. But my point was that VeriSign's reasons for backing IDN are business related - not some noble cause.
However, it is bad if it means people are just going to register paypal.com with a different "a" and take advantage of unsuspecting users.
Score: 0
I applaud both MS and Mozilla on their approaches to this issue. Each took a different view on how to handle an issue beyond their control. In the end it isn't how the problem is handled, it is the fact that it WAS handled (gasp.. yes, I actually gave praise to microshaft for a change :) )
Score: 0
One of the first major flaws found in Mozilla software and what happens? They have to perform a complete overhaul of the IDN code, most likely because in the back of their minds they know pop-ups and notifications are the cheap way out of this problem.
They just tell you to turn it off, I guess all those stupid "patches" and "updates" from Microsoft don't look so dumb after all. So much for the lightning fast reaction times of the open source community.
Score: 0
"That can be argued both ways."
Pray tell, I'd love to hear the other way.
"But my point was that VeriSign's reasons for backing IDN are business related - not some noble cause."
1.) Verisign is a business. Are you blaming a business for... making business?
2.) Exactly why and how making business is bad anyway?
3.) Please define 'noble cause'. Thanks.
Score: 0
wtf?!? how did the open source community get brought into this? This is a report on the flaw in IDN and two different responses to handle it. It constitutes ONE patch for IE.. what about all the hundreds of others not related to this issue but in security issues in IE and Windows itself.
Peddle your hatemongering elsewhere
Score: 0
WTF are you talking about? Have you even read the Mozilla response to the IDN problem? Have you looked at their Bugzilla entries for the IDN bug?
There's nothing wrong with their IDN code, it's functioning in exactly the same way as Opera's is. (BTW, Opera's response is to do nothing at all!) All Mozilla have done is to change the DEFAULT value of a preference. All it means is that the user has to *specifically* turn the feature on, rather than off - that's giving the user more control and thus more security.
The "long term fix" being discussed by Mozilla is likely to be an "in-your-face" pop-up type warning if you turn on or navigate to an IDN site. They're not talking about re-writing the underlying code!
Score: 0
"There's nothing wrong with their IDN code, it's functioning in exactly the same way as Opera's is."
I know it's working like it's supposed to...but there is a major flaw discovered in it. This is not a simple problem because not only does this affect Mozilla but multiple browsers on multiple platforms.
My comment on the open-source community was the boasting of how fast the reaction time is to discovered security holes. Just because it's in Bugzilla or any other database does not mean anything because the problem is still there.
And it constitutes no patch for IE because it doesn't use IDN standards. Thank you very much.
Score: 0