Closed
Bug 1705888
Opened 3 years ago
Closed 3 years ago
"punycode" automatically set to "false" in firefox allows for phishing attacks
Categories
(Core :: Networking, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1507582
People
(Reporter: unshakenpower, Unassigned)
Details
Attachments
(1 file)
116.22 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0
Steps to reproduce:
- "network.IDN_show_punycode" is auto set to false in Firefox.
- If you visit "https://xn--e1awd7f.com" it will falsely appear as "https://еріс.com"
SOLUTION: - Go to about:config and set "network.IDN_show_punycode" is to true in firefox
- Go to "https://xn--e1awd7f.com/" it will NOT appear as "https://еріс.com/", which is the correct thing!
Actual results:
just set the code to true.
Expected results:
Easy solution. This option could be locked to "true", unless exceptionally necessary.
Comment 1•3 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::Networking' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.
Component: Untriaged → Networking
Product: Firefox → Core
Updated•3 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•