Closed Bug 288667 Opened 19 years ago Closed 19 years ago

Cyrillic characters in domain name allow direction to a false site.

Tracking

(Not tracked)

Status:

VERIFIED DUPLICATE of bug 279099

People

(Reporter: smokinjoe, Assigned: dveditz)

Details

smokinjoe

Reporter

Description

•

19 years ago

User-Agent:       Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.7.6) Gecko/20050319
Build Identifier: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.7.6) Gecko/20050319

Mozilla (gecko/khtml)browsers place correct English letters in address bar, but
the use of Cyrillic characters (not properly displayed ) in URL can direct user
to an alternate site. This type of character decoding is an automatic function,
and can only be checked by the user if the link source code is examined. The
incorporation of non-latin characters in domain name invites misinterpretation
and could be used by "Phishers/Pharmers" for information theft. Possible
disabling of the IDN function may solve the problem. 

Ie. www.p&#224;ypal.com   =   www.paypal.com

Reproducible: Always

Daniel Veditz [:dveditz]

Assignee

Comment 1

•

19 years ago

This is an April's fools joke, right? Please search for duplicates before filing
bugs, ESPECIALLY when filing bugs based on widely disseminated press reports.

*** This bug has been marked as a duplicate of 279099 ***

Group: security

Status: UNCONFIRMED → RESOLVED

Closed: 19 years ago

Resolution: --- → DUPLICATE

Marek Stępień [:marcoos, inactive]

Updated

•

19 years ago

Status: RESOLVED → VERIFIED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Cyrillic characters in domain name allow direction to a false site.

Categories

(SeaMonkey :: Security, defect)

Tracking

(Not tracked)

People

(Reporter: smokinjoe, Assigned: dveditz)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated