Closed Bug 1377066 Opened 7 years ago Closed 7 years ago

Phishing with Unicode Domains

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
52 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1332714

People

(Reporter: u534134, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20170607123825

Steps to reproduce:

IF Firefox users MOBILE and DESKTOP (Android and Windows) click on a URL
https://www.xn--80ak6aa92e.com/

will see in the browser they are on https://www.apple.com/ with also green certificate when they are not on the apple website.

This can be done with different website also with:
https://www.xn--e1awd7f.com/

you will see:
https://www.epic.com/ when you are not connected with https://www.epic.com/


Actual results:

See What did you do? (steps to reproduce)


Expected results:

It's very important that MOBILE and DESKTOP browser find a way to let know to the user that 
https://www.xn--e1awd7f.com/
and
https://www.epic.com/ 

are two different address and not the same.
This is a BIG Phishing security issue only present in Firefox.

Firefox is the only browser that is keeping this security behavior.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Firefox has decided to show two different web address as the same and leave the opportunity to be scammed and to made Phishing?
You need to log in before you can comment on or make changes to this bug.