Closed Bug 1689895 Opened 3 years ago Closed 3 years ago

xn-- encoding shows the decoded one in URL bar

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
Firefox 85
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1507582

People

(Reporter: karl-police2001, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36

Steps to reproduce:

Be on Firefox and access this link: "xn--80ak6aa92e.com"

Actual results:

You will successfully connect to the website, however the URL bar changes to https://www.аррӏе.com/

Expected results:

Read this https://www.xudongz.com/blog/2017/idn-phishing/

A warning should probably have happend. Nowadays I believe browsers support all unicode in the URL, so "xn--" is not really needed anymore.

People can abuse this and that would harm Firefox users.

note I reported this bug on Chrome but tested it on Firefox

note I reported this bug on Chrome but tested it on Firefox

This is already known, see https://bugzilla.mozilla.org/show_bug.cgi?id=1507582#c19 .

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Group: firefox-core-security
You need to log in before you can comment on or make changes to this bug.