Closed Bug 281831 Opened 20 years ago Closed 20 years ago

IDN Spoofing Security Issue (Secunia Advisory: SA14163 )

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 279099

People

(Reporter: julien.reynier, Assigned: bugzilla)

References

(
URL
)

Details

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322) Build Identifier: Eric Johanson has reported a security issue in Mozilla / Firefox / Camino, which can be exploited by a malicious web site to spoof the URL displayed in the address bar, SSL certificate, and status bar. The problem is caused due to an unintended result of the IDN (International Domain Name) implementation, which allows using international characters in domain names. This can be exploited by registering domain names with certain international characters that resembles other commonly used characters, thereby causing the user to believe they are on a trusted site. Secunia has constructed a test, which can be used to check if your browser is affected by this issue: http://secunia.com/multiple_browsers_idn_spoofing_test/ The issue has been confirmed in Mozilla 1.7.5 and Firefox 1.0. Other versions may also be affected. Reproducible: Always Steps to Reproduce: 1- go to http://secunia.com/multiple_browsers_idn_spoofing_test/ 2- left click on "Test Now" link Actual Results: You think you are on http://www.paypal.com but you are not.
*** This bug has been marked as a duplicate of 279099 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.