Unicode url scam not noticeable

NEW
Unassigned

Status

()

P3
normal
a year ago
4 months ago

People

(Reporter: ideechaniz, Unassigned)

Tracking

55 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

a year ago
User Agent: Mozilla/5.0 (Android 5.0.1; Mobile; rv:55.0) Gecko/55.0 Firefox/55.0
Build ID: 20170815231002

Steps to reproduce:

 www.аррӏе.com/ is seen as Apple but it really is www.xn--80ak6aa92e.com/ 

That url is informative but other urls could be used for scams.


Actual results:

 www.аррӏе.com/ is seen as Apple but it really is www.xn--80ak6aa92e.com/ 

That url is informative but other urls could be used for scams.


Expected results:

It should show the real address and the expected one when unicode is used.
fwiw, this does not currently affect FF57 because we regressed support for unicode domains in the toolbar - bug 1391421 is there to fix it but I'm not sure what the proper solution should be.
Status: UNCONFIRMED → NEW
Ever confirmed: true
See the desktop version of this bug for an in depth discussion of the problem.
See Also: → bug 1332714
P2 for now
NI Joe and Wesly to help prioritize this
Flags: needinfo?(wehuang)
Flags: needinfo?(jcheng)
Priority: -- → P1
P2 should be fair. And per the conclusion in https://bugzilla.mozilla.org/show_bug.cgi?id=1391421#c13 we should keep monitoring bug 1332714 and probably align their solution in the future.
Flags: needinfo?(wehuang)
Priority: P1 → P2
[triage] Not fixed on desktop so non-critical for us too.
Flags: needinfo?(jcheng)
Priority: P2 → P3
You need to log in before you can comment on or make changes to this bug.