Closed Bug 1705888 Opened 3 years ago Closed 3 years ago

"punycode" automatically set to "false" in firefox allows for phishing attacks

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Version:
Firefox 87
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1507582

People

(Reporter: unshakenpower, Unassigned)

Details

Attachments

(1 file)

Screenshot_2021-04-17 Informar sobre possível falsificação na web.png
116.22 KB, image/png
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0

Steps to reproduce:

  1. "network.IDN_show_punycode" is auto set to false in Firefox.
  2. If you visit "https://xn--e1awd7f.com" it will falsely appear as "https://еріс.com"
    SOLUTION:
  3. Go to about:config and set "network.IDN_show_punycode" is to true in firefox
  4. Go to "https://xn--e1awd7f.com/" it will NOT appear as "https://еріс.com/", which is the correct thing!

Actual results:

just set the code to true.

Expected results:

Easy solution. This option could be locked to "true", unless exceptionally necessary.

The Bugbug bot thinks this bug should belong to the 'Core::Networking' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Component: Untriaged → Networking
Product: Firefox → Core
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: