Closed Bug 358447 Opened 19 years ago Closed 19 years ago

hex encoded ip, possible to hide the real one

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 67730

People

(Reporter: FG6Zi1DGL66d, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 http://0xC3744705 redirects to the real website, the address looks like a hex to me, may be used to preform phish-attacks of some kind. Reproducible: Always
thats encoded IP, damn it's late.
Summary: hex encoded uri, possible to hide the real one → hex encoded ip, possible to hide the real one
For lots of variants see http://morph3us.org/blog/?p=31 Not really a secret so I'll unhide the bug. According to the the URI spec (RFC 3986 seems to be the most recent version) IPv4 addresses are supposed to be in dotted-decimal form. However "0xC3744705" can be interpreted as a valid name, and if the system DNS reinterprets that as an IPv4 address when we ask then there's not much we can do about it. Could we re-write these in the URL bar, if they turn out not to be reg names? We do other fixups, like lowercasing, punycode, etc.
Group: security
Status: UNCONFIRMED → NEW
Component: General → Networking
Ever confirmed: true
Product: Firefox → Core
QA Contact: general → networking
Whiteboard: [sg:investigate]
Version: unspecified → Trunk
I made the same suggestion in bug 67730 comment 1. *** This bug has been marked as a duplicate of 67730 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:investigate]
You need to log in before you can comment on or make changes to this bug.