Closed Bug 288667 Opened 20 years ago Closed 20 years ago

Cyrillic characters in domain name allow direction to a false site.

Categories

(SeaMonkey :: Security, defect)

Product:
SeaMonkey
Component:
Security
Platform:
x86
Windows ME
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 279099

People

(Reporter: smokinjoe, Assigned: dveditz)

Details

User-Agent: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.7.6) Gecko/20050319 Build Identifier: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.7.6) Gecko/20050319 Mozilla (gecko/khtml)browsers place correct English letters in address bar, but the use of Cyrillic characters (not properly displayed ) in URL can direct user to an alternate site. This type of character decoding is an automatic function, and can only be checked by the user if the link source code is examined. The incorporation of non-latin characters in domain name invites misinterpretation and could be used by "Phishers/Pharmers" for information theft. Possible disabling of the IDN function may solve the problem. Ie. www.pàypal.com = www.paypal.com Reproducible: Always
This is an April's fools joke, right? Please search for duplicates before filing bugs, ESPECIALLY when filing bugs based on widely disseminated press reports. *** This bug has been marked as a duplicate of 279099 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.