287811 - wrong url displayed in location bar, open to abuse by phishers

Status: VERIFIED DUPLICATE of bug 264610

(Firefox :: Address Bar, defect)

Description

[Geoff Latham]

User-Agent:       Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2

typing www.intel or www.amd into the address bar will take you to the respective
.com site but display the the url as www.intel or www.and

this could be open to abuse for phishing scams in the case of domains with names
the same as TLDs such as www.int.com

www.int doesn't exist so firefox helpfully tries other TLDs added to the url. it
finds www.int.com and loads it but doesn't update the location bar.

I presume that if the www.int.com had a subdomain of, say, "unitednations" then
using unitednations.int would result in firefox directing you to
unitednations.int.com but displaying "unitednations.int" making it look like a
genuine international organisation.

Reproducible: Always

Steps to Reproduce:
1. enter url as www.int or http://www.int
2. hit return
Actual Results:  
www.int.com index page is loaded but www.int is displayed in location bar

Expected Results:  
url in address bar should be updated to reflect the actual address of the site
you are visiting.

after seeing the "Internationalized Domain Name (IDN) homograph spoofing" bug
listed under security fixes I decided to check the "Security" tickbox on this
form. apologies in advance if I was wrong to do so.

Comment 1

[Daniel Veditz [:dveditz]]

*** Bug 287812 has been marked as a duplicate of this bug. ***

Comment 2

[Daniel Veditz [:dveditz]]

*** This bug has been marked as a duplicate of 264610 ***