Closed Bug 1678905 Opened 5 years ago Closed 5 years ago

IDN Spoofing

Categories

(Firefox :: Address Bar, defect)

Product:
Firefox
Component:
Address Bar
Version:
Firefox 83
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1507582

People

(Reporter: kirtikumar.a.r, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36

Steps to reproduce:

IDN Spoofing (cases are taken from disclosed chromium bugs):

  1. https://www.xn--reddt-q4a.com/ -> Reddit.com
  2. http://xn--fcebook-xqc.com -> http://www.fǻcebook.com/
  3. http://xn--twtter-q9a.com -> http://www.twıtter.com/
  4. http://xn--cloud-m4a.com/ -> http://ıcloud.com/
  5. http://xn--whatspp-en4c.com -> http://whatsạpp.com/
  6. http://xn--ipaddress-w75n.com/ -> http://www.ip一address.com/
  7. http://xn--e1awd7f.com/ -> https://еріс.com/
  8. http://ww.xn--16-ogg.com -> http://ww.16ੜ.com/ (https://bugs.chromium.org/p/chromium/issues/detail?id=1085315)
  9. http://xn--witter-hn7i.com/ -> http://www.丁witter.com/
  10. http://xn--36-y9b.cn/ -> http://www.36θ.cn/
  11. http://xn--c1awa2a2a.com/ -> http://www.гоыох.com/ (https://bugs.chromium.org/p/chromium/issues/detail?id=884693)
  12. http://google.xn--rid4c.com/ -> http://google.ငဝ.com/ (https://bugs.chromium.org/p/chromium/issues/detail?id=811117)
  13. http://xn--wikiedia-s6a.com/ -> http://www.wikiþedia.com/ (https://bugs.chromium.org/p/chromium/issues/detail?id=798892)
  14. https://xn--m1acaj3he48b8nnw.com/ -> https://ԝҙѕснооӏѕ.com/ (https://bugs.chromium.org/p/chromium/issues/detail?id=836885)
  15. http://xn--16-z0j.com/ -> http://www.16ဒ.com/ (https://bugs.chromium.org/p/chromium/issues/detail?id=847242)
  16. (i) http://xn--o7ca8kb.com/ -> http://www.ຣ໐ຣ໐.com/
    (ii) http://xn--o7c4g.com/ -> http://www.ຣ໐.com/ (16-(i)(ii): https://bugs.chromium.org/p/chromium/issues/detail?id=833143)
  17. https://xn--fabook-jhb.com/ -> https://faœbook.com/ (https://bugs.chromium.org/p/chromium/issues/detail?id=835554)
  18. http://xn--16-pik.com/ -> http://www.16ვ.com/ (https://bugs.chromium.org/p/chromium/issues/detail?id=849398)
  19. http://xn--80ajo90d.com/ -> http://www.ӏкеа.com/ (https://bugs.chromium.org/p/chromium/issues/detail?id=817247)
  20. http://xn--80akppap2f26e.com/ -> http://www.ӻасеьоок.com/ (https://bugs.chromium.org/p/chromium/issues/detail?id=816769)
  21. http://xn--istagram-irb.com/ -> http://www.iŋstagram.com/ (https://bugs.chromium.org/p/chromium/issues/detail?id=808316)
  22. http://xn--g1amdam3je98g4t.com/ -> http://www.ԝзѕснооӏѕ.com/ (https://bugs.chromium.org/p/chromium/issues/detail?id=820068)
  23. http://xn--80aa0cn49azm.com/ -> http://www.рауҏаӏ.com/
    http://xn--80aktqg1j12a.com/ -> http://www.мұѕрасе.com/ (https://bugs.chromium.org/p/chromium/issues/detail?id=793628)
  24. http://xn--unicode-8he.org/ -> http://www.uni̇code.org/ (https://bugs.chromium.org/p/chromium/issues/detail?id=750239)
  25. xn--ppe-8ka60c.com -> http://www.àppłe.com/ (https://bugs.chromium.org/p/chromium/issues/detail?id=719199)
  26. xn--sack-01a.com -> http://www.słack.com/ (https://bugs.chromium.org/p/chromium/issues/detail?id=719199)

Actual results:

Shows Unicode

Expected results:

It should show punny code

These are all known issues. See bug 1507582 for one possible solution, or bug 1473911 for the specific set of ones with combining marks.

Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Component: Untriaged → Address Bar
You need to log in before you can comment on or make changes to this bug.