Closed Bug 1711546 Opened 3 years ago Closed 3 years ago

IDN homograph attack

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
Firefox 88
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1332714

People

(Reporter: nikhil.mittal641, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36

Steps to reproduce:

  1. Goto https://s09.gitlab.io/s/pple.html in Firefox desktop, android browsers
  2. Click on the mentioned link
  3. You will see the domain is not displayed in punycodes

POC:

https://drive.google.com/file/d/186YnYBlS6Ig2GEqtuyF0l3qnBGW_7--V/view?usp=sharing

Actual results:

The resulted resolved domain displayed as https://www.аррӏе.com/
instead of punycode

Expected results:

Firefox should display punycode instead

Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.