Closed Bug 287812 Opened 20 years ago Closed 20 years ago

wrong url displayed in location bar, open to abuse by phishers

Categories

(Firefox :: Address Bar, defect)

x86
Windows 98
defect
Not set
normal

Tracking

RESOLVED DUPLICATE of bug 287811

People

(Reporter: bugzilla, Assigned: bugs)

Details

(Whiteboard: [sg:nse])

User-Agent:       Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2

Typing www.intel or www.amd into the address bar will take you to the respective
.com site but display the URL as www.intel or www.amd.

This could be open to abuse for phishing scams in the case of domains with names
the same as TLDs, such as www.int.com.

www.int doesn't exist, so Firefox helpfully tries other TLDs added to the URL. It
finds www.int.com and loads it but doesn't update the location bar.

I presume that if the www.int.com had a subdomain of, say, "unitednations" then
using unitednations.int would result in firefox directing you to
unitednations.int.com but displaying "unitednations.int" making it look like a
genuine international organisation.

Reproducible: Always

Steps to Reproduce:
1. Enter URL as www.int or http://www.int
2. Hit return

Actual Results:
www.int.com index page is loaded but www.int is displayed in location bar.

Expected Results:
URL in address bar should be updated to reflect the actual address of the site
you are visiting.

After seeing the "Internationalized Domain Name (IDN) homograph spoofing" bug
listed under security fixes I decided to check the "Security" tickbox on this
form. Apologies in advance if I was wrong to do so.
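
The behaviour reported above, modelled as an added example (not part of the original report and not Firefox code): a host fallback that appends a suffix, plus a check that the displayed host equals the loaded host. The function names, the resolvable-host set, the TLD sample and the single ".com" suffix are assumptions made for illustration.

```javascript
// Added illustration; not Firefox source. Models the behaviour the report describes.

// Constructed stand-in for DNS: the only hosts that "resolve" in this sample.
const RESOLVABLE = new Set([
  "www.int.com", "unitednations.int.com", "www.intel.com", "www.mozilla.org",
]);

// Assumption: the fallback appends ".com"; the report only says "other TLDs".
const FALLBACK_SUFFIXES = [".com"];

// Small constructed sample of labels that are themselves real TLDs.
const KNOWN_TLDS = new Set(["int", "com", "org", "net"]);

// Turn typed input (with or without a scheme) into a lower-case host name.
function hostOf(typed) {
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(typed);
  return new URL(hasScheme ? typed : "http://" + typed).hostname;
}

// Return the host that actually gets loaded for a typed host, or null.
function fixupHost(typedHost, resolvable = RESOLVABLE) {
  const host = typedHost.toLowerCase().replace(/\.$/, "");
  if (resolvable.has(host)) return host;
  for (const suffix of FALLBACK_SUFFIXES) {
    if (resolvable.has(host + suffix)) return host + suffix;
  }
  return null;
}

// Compare what the location bar shows with what was loaded.
function auditNavigation(typed, displayedHost) {
  const loadedHost = fixupHost(hostOf(typed));
  if (loadedHost === null) return { loadedHost, verdict: "no-load" };
  const shown = displayedHost.toLowerCase();
  if (shown === loadedHost) return { loadedHost, verdict: "ok" };
  // Any mismatch is a defect; it is more misleading when the displayed
  // name already ends in a real TLD and so looks like a complete domain.
  const lastLabel = shown.split(".").pop();
  const verdict = KNOWN_TLDS.has(lastLabel)
    ? "mismatch-looks-like-real-tld"
    : "mismatch";
  return { loadedHost, verdict };
}
```

A regression test for the fix would assert that every navigation yields the `ok` verdict, that is, the location bar is updated to the host that was loaded.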

*** This bug has been marked as a duplicate of 287811 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Group: security
Whiteboard: [sg:nse]