User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Please look at the phising examples on http://www.retrosynth.com/misc/phishing.html The explanations is at http://www.shmoo.com/idn/homograph.txt This latter suggests to disable IDN from about:config. That works, however, only until browser restart. After restart the about:config show the IDN as disabled, however it is not: IDN works, the user become again vulnerabl to the abovementioned phisings. Manually toggling the about:config setting back to "true" and again to "false" works -- until the next browser restart. Reproducible: Always Steps to Reproduce: 1. Visit http://www.retrosynth.com/misc/phishing.html, observe that the phising works 2. Enter about:config menu and toggle network.enableIDN settign to "false" 3. Go back to http://www.retrosynth.com/misc/phishing.html and observe that the phising does not work anymore 4. Exit the browser, then examine "%HOME%\Application Data\Mozila\Firefox\Profiles\<yourprofileid>.default\prefs.js. Observe that the file indeed contains the line: user_pref("network.enableIDN", false); 5. Start the browser again. Examine about:config that nework.enableIDN setting is shown as "user set" and "boolean" and false" 6. Go back to http://www.retrosynth.com/misc/phishing.html and observe that the phising does work again contrary to the display in about:config 7. Enter about:config menu and toggle network.enableIDN settign to "true" first, then toggle back to "false". 6. GOTO Step-3. Actual Results: After restarting the browser about:config sais IDN is disabled, however, it is apparently not. Expected Results: The setting must behave is indicated in about:config, i.e., become amd remain disabled even across sessions.
*** This bug has been marked as a duplicate of 261934 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.