Closed Bug 281765 Opened 20 years ago Closed 20 years ago

IDN disabling does not work properly

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED DUPLICATE of bug 261934

People

(Reporter: ziegler, Assigned: bugzilla)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Please look at the phising examples on http://www.retrosynth.com/misc/phishing.html

The explanations is at http://www.shmoo.com/idn/homograph.txt
This latter suggests to disable IDN from about:config. That works, however, only
until browser restart. 

After restart the about:config show the IDN as disabled, however it is not: IDN
works, the user become again vulnerabl to the abovementioned phisings. Manually
toggling the about:config setting back to "true" and again to "false" works --
until the next browser restart.



Reproducible: Always

Steps to Reproduce:
1. Visit http://www.retrosynth.com/misc/phishing.html, observe that the phising
works
2. Enter about:config menu and toggle network.enableIDN settign to "false"
3. Go back to http://www.retrosynth.com/misc/phishing.html and observe that the
phising does not work anymore
4. Exit the browser, then examine "%HOME%\Application
Data\Mozila\Firefox\Profiles\<yourprofileid>.default\prefs.js. Observe that the
file indeed contains the line:
user_pref("network.enableIDN", false);
5. Start the browser again. Examine about:config that nework.enableIDN setting
is shown as "user set" and  "boolean" and false"
6. Go back to http://www.retrosynth.com/misc/phishing.html and observe that the
phising does work again contrary to the display in about:config
7. Enter about:config menu and toggle network.enableIDN settign to "true"
 first, then toggle back to "false". 
6. GOTO Step-3.
Actual Results:  
After restarting the browser about:config sais IDN is disabled, however, it is
apparently not.

Expected Results:  
The setting must behave is indicated in about:config, i.e., become amd remain
disabled even across sessions.

*** This bug has been marked as a duplicate of 261934 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Group: security
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.