Closed Bug 1381507 Opened 7 years ago Closed 7 years ago

Mozilla Firefox Homograph attack

Categories

(Firefox :: Address Bar, defect)

All
Windows 8
defect
Not set
major

RESOLVED DUPLICATE of bug 1332714

People

(Reporter: shwetabhsuman13, Unassigned)

Details

Attachments

(3 files)

About Homograph attack

The IDN http://ebаy.com/ is a homograph for the Latin ebay.com. If you click that first link, you might think that you are going to ebay.com. In fact, you are going to a homograph URL: http://xn--eby-7cd.com/

More info: http://www.chromium.org/developers/design-documents/idn-in-google-chrome
More info: http://www.charset.org/punycode.php?encoded=http%3A%2F%2Fxn--eby-7cd.com%2F&decode=Punycode+to+normal+text

It would be safer to show the punycode version of the URL so that it would be apparent that something weird is going on. That is, show http://xn--eby-7cd.com/ instead of http://ebаy.com/

Summary: When we add a site to our Homepage, it does not validate the URL properly; make sure it displays the punycode.

Products affected: Window System Mozilla Firefox 54.0.1 (32-bit)

Steps To Reproduce:
1. In the browser, add a homepage with the IDN http://ebаy.com/
2. Now close and open the browser again.
3. You can see it redirects to http://xn--eby-7cd.com/

POC - Behaviour comparison between Chrome and Mozilla
Video Link - https://vimeo.com/225851906
Password - pentest
Attached image Mozilla Output.png
Attached image chrome setting.png
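
The display rule the report asks for, sketched as an added example (not code from this bug, and not Firefox's or Chrome's actual IDN policy): a hostname label that mixes scripts is shown in its punycode form, anything else is shown as typed. The function names and the name-based script heuristic are assumptions; a lookalike label written entirely in one script is not caught by this check.

```python
import unicodedata
from urllib.parse import urlsplit


def scripts_in(label):
    """Approximate the scripts used in one hostname label.

    The script is taken from the first word of each letter's Unicode name
    ("LATIN", "CYRILLIC", ...); digits and hyphens are ignored.
    """
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def display_label(label):
    """Return the punycode (xn--) form of a mixed-script label, else the label."""
    if len(scripts_in(label)) > 1:
        # Python's built-in "idna" codec performs the ToASCII conversion.
        return label.encode("idna").decode("ascii")
    return label


def display_host(url):
    """Return the hostname of `url` in the form to show under this heuristic."""
    host = urlsplit(url).hostname or ""
    return ".".join(display_label(part) for part in host.split("."))


# Constructed sample inputs. "\u0430" is CYRILLIC SMALL LETTER A, the
# lookalike character in the report's URL.
SAMPLES = [
    "http://eb\u0430y.com/",                              # Latin + Cyrillic
    "http://ebay.com/",                                   # plain ASCII
    "http://\u043f\u0440\u0438\u043c\u0435\u0440.com/",   # all-Cyrillic label
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(ascii(url), "->", display_host(url))
```
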
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Component: General → Location Bar
Resolution: --- → DUPLICATE