Closed Bug 281831 Opened 20 years ago Closed 20 years ago

IDN Spoofing Security Issue (Secunia Advisory: SA14163 )

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 279099

People

(Reporter: julien.reynier, Assigned: bugzilla)

References

(
URL
)

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Build Identifier: 

Eric Johanson has reported a security issue in Mozilla / Firefox / Camino, 
which can be exploited by a malicious web site to spoof the URL displayed in 
the address bar, SSL certificate, and status bar.

The problem is caused due to an unintended result of the IDN (International 
Domain Name) implementation, which allows using international characters in 
domain names.

This can be exploited by registering domain names with certain international 
characters that resembles other commonly used characters, thereby causing the 
user to believe they are on a trusted site.

Secunia has constructed a test, which can be used to check if your browser is 
affected by this issue:
http://secunia.com/multiple_browsers_idn_spoofing_test/

The issue has been confirmed in Mozilla 1.7.5 and Firefox 1.0. Other versions 
may also be affected.


Reproducible: Always

Steps to Reproduce:
1- go to http://secunia.com/multiple_browsers_idn_spoofing_test/
2- left click on "Test Now" link
Actual Results:  
You think you are on http://www.paypal.com but you are not.

*** This bug has been marked as a duplicate of 279099 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.