Firefox IDN Bug
For those of us using Mozilla's Firefox browser, or just about anything except Internet Explorer, there is a vulnerability that allows an attacker to redirect seemingly innocent HTML links to arbitrary destinations with little risk of being detected by the user. The URL of the spoofed domain will show up correctly in the address bar. Try these links:
While these look like links to PayPal, an Internet site for exchanging money, they are actually spoofed IDNs (International Domain Names). Be careful...this could make you a prime target for phishing.
No official fix has been issued by Mozilla at the time of this post. To protect yourself, don't follow links from untrusted sources and manually type URLs in the address bar. For more information on this vulnerability, check out Bugzilla Bug 279099 and the state of homograph attacks.
3/1 EDIT: Official fix available via Firefox 1.0.1
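A link can be checked for this trick before it is followed or rendered. The following is an added example, not part of the original post or of Mozilla's fix: it converts each label of a link's host name to its ASCII (punycode) form and flags labels that mix scripts. The function names and the sample URL are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

def _script(ch):
    """Approximate script from the Unicode name, e.g. LATIN or CYRILLIC."""
    if ch.isdigit() or ch == "-":
        return None  # shared by all scripts, ignored
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def inspect_link(href):
    """Return both forms of a link's host and whether any label is an IDN.

    Simplification: labels are punycode-encoded directly, without the
    nameprep step a full IDNA implementation applies first.
    """
    host = urlsplit(href).hostname or ""
    uni, asc, idn, mixed = [], [], False, False
    for label in host.split("."):
        if label.startswith("xn--"):      # already in ASCII (punycode) form
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass                      # malformed: keep the raw label
        uni.append(label)
        if label.isascii():
            asc.append(label)
        else:
            idn = True
            asc.append("xn--" + label.encode("punycode").decode("ascii"))
        scripts = {_script(c) for c in label} - {None}
        mixed = mixed or len(scripts) > 1  # e.g. LATIN plus CYRILLIC
    return {"unicode_host": ".".join(uni), "ascii_host": ".".join(asc),
            "idn": idn, "mixed_script": mixed}

if __name__ == "__main__":
    # Constructed sample: the second letter is U+0430 (Cyrillic), not Latin "a".
    for url in ("https://www.paypal.com/", "http://www.p\u0430ypal.com/"):
        print(url.encode("unicode_escape").decode(), inspect_link(url))
```

Showing `ascii_host` instead of the Unicode form makes the lookalike obvious, because the spoofed label appears as an `xn--` string rather than as the familiar name.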