Closed
Bug 281439
Opened 19 years ago
Closed 19 years ago
Serious security issue -- phishing vulnerability
Categories
(Firefox :: General, defect)
RESOLVED
DUPLICATE
of bug 279099
People
(Reporter: roland.sippel, Assigned: bugzilla)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-AT; rv:1.7.3) Gecko/20040910
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-AT; rv:1.7.3) Gecko/20040910
A demo at "The state of homograph attacks by Eric Johanson" showed https://www.paypal.com/ being spoofed, certificate and all. The phishing vulnerability works with http:// AND https:// !!!
Also the published workaround (about:config > network.enableIDN > false) does not work. This only works while Firefox is running. Once it restarts, IDN works even though the setting is still false. You have to enable and re-disable each time you run Firefox. It looks like a bug in Firefox's initialisation.
Reproducible: Always
Steps to Reproduce:
1. https://www.pаypal.com/) shows https://www.paypal.com/)
Decimal 1072 in Unicode for a Cyrillic letter: a
Works in Firefox AND Mozilla !!
Actual Results: Show wrong URL and wrong Security Certificate
Expected Results: Solution: Mark non-ASCII char -RED-
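The check the reporter asks for (making non-ASCII characters in a hostname visible), as an added example that is not part of the bug report or of Firefox's code: it flags non-ASCII characters and mixed-script labels and shows the ASCII-compatible (xn--) form of the host. The function names and the script heuristic (first word of the Unicode character name) are assumptions of this example, and the sample URL is constructed from the report's description.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample mirroring the report: U+0430 (decimal 1072) replaces the Latin "a".
SPOOFED_URL = "https://www.p\u0430ypal.com/"


def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isascii():
        return "LATIN"
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def mark_non_ascii(host):
    """Replace every non-ASCII character with a visible [U+XXXX] marker."""
    return "".join(c if c.isascii() else f"[U+{ord(c):04X}]" for c in host)


def inspect_host(url):
    """Report non-ASCII characters, mixed-script labels and the ACE form of a URL's host."""
    host = urlsplit(url).hostname or ""
    non_ascii, mixed = [], []
    for label in host.split("."):
        # Only letters count towards the script set; digits and hyphens are neutral.
        scripts = {script_of(c) for c in label if c.isalpha()}
        for index, c in enumerate(label):
            if not c.isascii():
                non_ascii.append({"label": label, "index": index,
                                  "codepoint": ord(c),
                                  "name": unicodedata.name(c, "UNKNOWN")})
        if len(scripts) > 1:
            mixed.append(label)
    try:
        ace = host.encode("idna").decode("ascii")  # stdlib IDNA 2003 codec
    except UnicodeError:
        ace = None  # host cannot be represented as a valid IDN
    return {"host": host, "marked": mark_non_ascii(host), "ace": ace,
            "non_ascii": non_ascii, "mixed_script_labels": mixed}


if __name__ == "__main__":
    for url in (SPOOFED_URL, "https://www.paypal.com/"):
        print(inspect_host(url))
```

A label such as "bücher" is reported as non-ASCII but not as mixed-script, since all of its letters are Latin; the spoofed label mixes Latin and Cyrillic and is reported as both.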
Comment 1•19 years ago
Please follow bug reporting guidelines when filing bugs, especially the one about searching for duplicates. *** This bug has been marked as a duplicate of 279099 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Updated•19 years ago
Group: security
Comment 2•19 years ago
Not much point using the confidential flag to hide a bug based on public information.