Closed
Bug 1381507
Opened 7 years ago
Closed 7 years ago
Mozilla Firefox Homograph attack
Categories
(Firefox :: Address Bar, defect)
RESOLVED
DUPLICATE
of bug 1332714
People
(Reporter: shwetabhsuman13, Unassigned)
Details
Attachments
(3 files)
About Homograph attack
The IDN http://ebаy.com/ is a homograph for the Latin ebay.com. If you click that first link, you might think that you are going to ebay.com. In fact, you are going to a homograph URL, http://xn--eby-7cd.com/
More info: http://www.chromium.org/developers/design-documents/idn-in-google-chrome
More info: http://www.charset.org/punycode.php?encoded=http%3A%2F%2Fxn--eby-7cd.com%2F&decode=Punycode+to+normal+text
It would be safer to show the punycode version of the URL so that it would be apparent that something weird is going on. That is, show http://xn--eby-7cd.com/ instead of http://ebаy.com/
Summary:
When we add a site to our homepage, it does not validate the URL properly; make sure it displays the punycode.
Products affected:
Window System Mozilla Firefox 54.0.1 (32-bit)
Steps To Reproduce:
In the browser, add a homepage with the IDN http://ebаy.com/
Now close and open the browser again
You can see it redirects to http://xn--eby-7cd.com/
POC - Behaviour comparison between Chrome and Mozilla
Video Link - https://vimeo.com/225851906
Password - pentest
Comment 1 • Reporter • 7 years ago
Comment 2 • Reporter • 7 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Component: General → Location Bar
Resolution: --- → DUPLICATE
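The display rule the report asks for (show the xn-- form when a hostname could be a lookalike) can be sketched as follows. This is an added Python example, not Firefox or Chromium code; the mixed-script heuristic and the function names `label_scripts`, `display_host` and `homepage_display` are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit


def label_scripts(label):
    """Approximate the scripts used in one DNS label.

    Assumption: the first word of the Unicode character name ("LATIN",
    "CYRILLIC", "GREEK", ...) stands in for the real Script property.
    """
    scripts = set()
    for ch in label:
        if ch.isascii():
            if ch.isalpha():
                scripts.add("LATIN")
            continue  # ASCII digits and hyphens are script-neutral
        scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def display_host(host):
    """Return the host as it should be shown to the user.

    Unicode is shown only when every label is single-script; any mixed-script
    label makes the whole host fall back to its xn-- (punycode) form.
    Single-script lookalikes are not caught by this check.
    """
    ascii_host = host.encode("idna").decode("ascii")
    unicode_host = ascii_host.encode("ascii").decode("idna")
    for label in unicode_host.split("."):
        if len(label_scripts(label)) > 1:
            return ascii_host
    return unicode_host


def homepage_display(url):
    """Host to display for a homepage URL (hypothetical helper)."""
    return display_host(urlsplit(url).hostname)


if __name__ == "__main__":
    # Constructed inputs; \u0430 is CYRILLIC SMALL LETTER A, as in the report.
    for url in ("http://eb\u0430y.com/", "http://ebay.com/", "http://b\u00fccher.de/"):
        print(url.encode("unicode_escape").decode(), "->", homepage_display(url))
```

A legitimate single-script IDN such as bücher.de stays in Unicode, while the Latin/Cyrillic mix from the report is shown as xn--eby-7cd.com.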