Closed
Bug 1694074
Opened 5 years ago
Closed 5 years ago
Homograph attack
Categories
(Firefox :: Security, task)
Firefox
Security
Tracking
()
RESOLVED
DUPLICATE
of bug 1507582
People
(Reporter: z3r0.php, Unassigned)
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Hi, While mozilla detect and handle almost all type of homograph attack but I noticed that this character isnt handling properly as this could lead to a spread phishing
<a href="https://ìphone.com">Iphone</a>
Look at the i it is not the actual i but most of the user fall for it .
Flags: sec-bounty?
|
||
Comment 1•5 years ago
|
||
Yes, but unfortunately that's a perfectly valid "Latin" letter so the current specs allow it, and it does show up in legit domains. We are unfortunately left with the option of special protections for "popular" sites, which seems icky and undemocratic but might be the best practical option.
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
|
|
||
Updated•5 years ago
|
Group: firefox-core-security
Flags: sec-bounty? → sec-bounty-
|
||
Updated•2 years ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•