Closed Bug 1392190 Opened 8 years ago Closed 8 years ago

disallow "malayalam" unicode block from IDN domains

Tracking

()

Status:

RESOLVED DUPLICATE of bug 1373860

People

(Reporter: xisigr, Unassigned)

References

Details

Attachments

(1 file)

U+0D4E.png 8 years ago xisigr 56.47 KB, image/png		Details

xisigr

Reporter

Description

•

8 years ago

Attached image U+0D4E.png — Details

Firefox should prevent the “malayalam” unicode block from rendering in domain names with characters from other unicode blocks. This could lead to IDN domain spoofing. Test on macOS. https://www.xn--google-1zs.com (U+0D4E)

Daniel Veditz [:dveditz]

Comment 1

•

8 years ago

On Mac 10.11.6 it's not a spoof at all: I get an undefined-character box. Although not strictly a combining mark, this is still basically bug 1370497 (and/or the bug where we're considering switching to the "Highly Restrictive" IDN profile).

Depends on: CVE-2017-7833

Daniel Veditz [:dveditz]

Updated

•

8 years ago

Status: UNCONFIRMED → RESOLVED

Closed: 8 years ago

Resolution: --- → DUPLICATE

Gervase Markham [:gerv]

Comment 3

•

8 years ago

Yeah, this one doesn't work for me on Linux. Gerv

Daniel Veditz [:dveditz]

Updated

•

5 years ago

Group: firefox-core-security

You need to log in before you can comment on or make changes to this bug.

Bugzilla

disallow "malayalam" unicode block from IDN domains

Categories

(Firefox :: Address Bar, defect)

Tracking

()

People

(Reporter: xisigr, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Comment 3

Updated

Attachment

General

Description

File Name

Content Type