Closed Bug 1711546 Opened 5 months ago Closed 5 months ago

IDN homograph attack

Categories

(Firefox :: Untriaged, defect)

Firefox 88
defect

Tracking

()

RESOLVED DUPLICATE of bug 1332714

People

(Reporter: nikhil.mittal641, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36

Steps to reproduce:

  1. Goto https://s09.gitlab.io/s/pple.html in Firefox desktop, android browsers
  2. Click on the mentioned link
  3. You will see the domain is not displayed in punycodes

POC:

https://drive.google.com/file/d/186YnYBlS6Ig2GEqtuyF0l3qnBGW_7--V/view?usp=sharing

Actual results:

The resulted resolved domain displayed as https://www.аррӏе.com/
instead of punycode

Expected results:

Firefox should display punycode instead

Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 5 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1332714
You need to log in before you can comment on or make changes to this bug.