Closed Bug 1377066 Opened 4 years ago Closed 4 years ago
Phishing with Unicode Domains
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Build ID: 20170607123825 Steps to reproduce: IF Firefox users MOBILE and DESKTOP (Android and Windows) click on a URL https://www.xn--80ak6aa92e.com/ will see in the browser they are on https://www.apple.com/ with also green certificate when they are not on the apple website. This can be done with different website also with: https://www.xn--e1awd7f.com/ you will see: https://www.epic.com/ when you are not connected with https://www.epic.com/ Actual results: See What did you do? (steps to reproduce) Expected results: It's very important that MOBILE and DESKTOP browser find a way to let know to the user that https://www.xn--e1awd7f.com/ and https://www.epic.com/ are two different address and not the same. This is a BIG Phishing security issue only present in Firefox. Firefox is the only browser that is keeping this security behavior.
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1332714
Firefox has decided to show two different web address as the same and leave the opportunity to be scammed and to made Phishing?
You need to log in before you can comment on or make changes to this bug.