Closed Bug 1427164 Opened 6 years ago Closed 6 years ago

FF Quantum still exposed to homograph attacks (spoofing using punycode IDNs)

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
57 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1332714

People

(Reporter: antoniodamore92, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0
Build ID: 20171128222554

Steps to reproduce:

Firefox is still vulnerable to homegraph attacks, due to punycode IDN. So I simply visited https://xn--80ak6aa92e.com/ and the issue is evident (I see https://apple.com)


Actual results:

For example, if I visit https://xn--80ak6aa92e.com/, I see https://apple.com.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.