Firefox spoofing flaw goes international

Drakon · Feb 8, 2005, 12:12 AM

A security loophole in Mozilla and Firefox browser could be used to spoof the URL displayed in the address bar, SSL certificate and status bar. The vulnerability also affects Opera and Konqueror and stems from a flawed IDN (International Domain Name) implementation within the browsers.

The bug could be exploited by registering domain names with certain international characters - which look like other commonly-used characters - in order to hoodwink users into believing they on a different, trusted site. As such, the bug creates a new wheeze for phishing attacks. For Germans to use national German characters in ".de" domains, for example, is one thing, but the use of national characters has been extended to the international domain space (.com, .net an .org) and extends the scope for confusion.
____________________________
Read More: The Register

Feb 8, 2005, 12:12 AM	#1
Drakon DriverHeaven Extreme Member Join Date: Jun 2004 Location: Floatin'... Posts: 4,957 Rep Power: 0	Firefox spoofing flaw goes international A security loophole in Mozilla and Firefox browser could be used to spoof the URL displayed in the address bar, SSL certificate and status bar. The vulnerability also affects Opera and Konqueror and stems from a flawed IDN (International Domain Name) implementation within the browsers. The bug could be exploited by registering domain names with certain international characters - which look like other commonly-used characters - in order to hoodwink users into believing they on a different, trusted site. As such, the bug creates a new wheeze for phishing attacks. For Germans to use national German characters in ".de" domains, for example, is one thing, but the use of national characters has been extended to the international domain space (.com, .net an .org) and extends the scope for confusion. ____________________________ Read More: The Register