IDN disabling does not work properly

VERIFIED DUPLICATE of bug 261934

Status

()

Firefox
General
--
critical
VERIFIED DUPLICATE of bug 261934
14 years ago
14 years ago

People

(Reporter: Gábor Ziegler, Assigned: Blake Ross)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

14 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Please look at the phising examples on http://www.retrosynth.com/misc/phishing.html

The explanations is at http://www.shmoo.com/idn/homograph.txt
This latter suggests to disable IDN from about:config. That works, however, only
until browser restart. 

After restart the about:config show the IDN as disabled, however it is not: IDN
works, the user become again vulnerabl to the abovementioned phisings. Manually
toggling the about:config setting back to "true" and again to "false" works --
until the next browser restart.



Reproducible: Always

Steps to Reproduce:
1. Visit http://www.retrosynth.com/misc/phishing.html, observe that the phising
works
2. Enter about:config menu and toggle network.enableIDN settign to "false"
3. Go back to http://www.retrosynth.com/misc/phishing.html and observe that the
phising does not work anymore
4. Exit the browser, then examine "%HOME%\Application
Data\Mozila\Firefox\Profiles\<yourprofileid>.default\prefs.js. Observe that the
file indeed contains the line:
user_pref("network.enableIDN", false);
5. Start the browser again. Examine about:config that nework.enableIDN setting
is shown as "user set" and  "boolean" and false"
6. Go back to http://www.retrosynth.com/misc/phishing.html and observe that the
phising does work again contrary to the display in about:config
7. Enter about:config menu and toggle network.enableIDN settign to "true"
 first, then toggle back to "false". 
6. GOTO Step-3.
Actual Results:  
After restarting the browser about:config sais IDN is disabled, however, it is
apparently not.

Expected Results:  
The setting must behave is indicated in about:config, i.e., become amd remain
disabled even across sessions.

*** This bug has been marked as a duplicate of 261934 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → DUPLICATE
Group: security
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.