Created attachment 290987 [details]
A page that fakes link to EXAMPLE.IRAN as a link to EXAMPLE.TEST

How to reproduce:
* network.IDN.whitelist.xn--mgba3a4f16a = true
* make sure network.IDN.whitelist.xn--hgbk6aj7f53bba = true
* open the attachment and hover the 3rd and 4th links
* open both links in a new tab

As you can see, not removing bidi-marks (even in paths, link samples 2 and 4) allows changing how the URL looks in the status-bar, and allows faking sites. Here is the translation of the links:
1. http://EXAMPLE.TEXT/EXAMPLE.IRAN
2. http://EXAMPLE.IRAN/EXAMPLE.TEXT
3. http://EXAMPLE.TEXT/EXAMPLE.IRAN
4. http://EXAMPLE.IRAN/EXAMPLE.TEXT
The text of all links is EXAMPLE.IRAN; because of another (yet open) bug you see punycode for the first two, but unicode for the second two, which is the security issue here. As fx2.0 always displays the punycode in the status-bar (right?), it doesn't have any security problem, but it's better to fix it too.
(In reply to comment #0)
> 1. http://EXAMPLE.TEXT/EXAMPLE.IRAN
> 2. http://EXAMPLE.IRAN/EXAMPLE.TEXT
> 3. http://EXAMPLE.TEXT/EXAMPLE.IRAN
> 4. http://EXAMPLE.IRAN/EXAMPLE.TEXT
s/TEXT/TEST/
Created attachment 290988 [details]
A page that fakes link to zwnj.org as a link to mozilla.org

As you can see in this English example, I can fake mozilla.org in the status-bar and even in the address-bar! Maybe this case is not a security issue as I cannot do the DNS config needed, but the previous one, which doesn't have any bidi-mark in the host part, is.
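As an added example (not code from this bug or from Firefox), the mitigation the report asks for: detect Unicode bidi formatting characters in any URL component, strip them before the URL is shown in a status or address bar, and fall back to punycode for a host that carried any. The hostnames are constructed on reserved example names; the list of control characters is the standard Unicode set of bidi marks, embeddings, overrides and isolates.

```python
import unicodedata
from urllib.parse import urlsplit, urlunsplit

# Unicode bidi formatting characters (category Cf) that change how text is laid
# out without being visible: marks, embeddings, overrides and isolates.
BIDI_CONTROLS = frozenset(
    "\u200e\u200f"                    # LRM, RLM
    "\u202a\u202b\u202c\u202d\u202e"  # LRE, RLE, PDF, LRO, RLO
    "\u2066\u2067\u2068\u2069"        # LRI, RLI, FSI, PDI
)
COMPONENTS = ("scheme", "netloc", "path", "query", "fragment")


def find_bidi_controls(url):
    """List (component, offset, character name) for each bidi control in url.

    An empty list means the URL is rendered in the order it is written."""
    parts = urlsplit(url)
    hits = []
    for name in COMPONENTS:
        for offset, ch in enumerate(getattr(parts, name)):
            if ch in BIDI_CONTROLS:
                hits.append((name, offset, unicodedata.name(ch)))
    return hits


def display_form(url):
    """Return the form to show in a status bar or address bar.

    Bidi controls are dropped from every component (host and path alike), so
    the rendered text cannot swap host and path around. A host that carried
    any is also shown as punycode (xn--) instead of Unicode, as it is suspect."""
    parts = urlsplit(url)
    clean = {n: "".join(ch for ch in getattr(parts, n) if ch not in BIDI_CONTROLS)
             for n in COMPONENTS}
    if any(ch in BIDI_CONTROLS for ch in parts.netloc):
        # IDNA-encode label by label; ASCII labels pass through unchanged.
        clean["netloc"] = clean["netloc"].encode("idna").decode("ascii")
    return urlunsplit(tuple(clean[n] for n in COMPONENTS))


if __name__ == "__main__":
    # Constructed sample on reserved names: an RLO override opens the path, the
    # shape the report describes for links 2 and 4.
    sample = "http://example.test/\u202eexample.iran"
    print(find_bidi_controls(sample))  # [('path', 1, 'RIGHT-TO-LEFT OVERRIDE')]
    print(display_form(sample))        # http://example.test/example.iran
```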
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 388372