A security issue has been discovered in Mozilla Firefox [version 3.0.6], which can be exploited by malicious people to conduct spoofing attacks.
The problem is caused by the handling of IDN (International Domain Name) support, which can be exploited to spoof a URL via e.g. a ".cn" domain containing certain international characters that resemble other commonly used characters (e.g. "/") in the sub-domain part.
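A check for the condition described above, as an added example that is not part of the original advisory: it decodes each label of a hostname (including "xn--" punycode labels) and reports characters that render like URL delimiters. The lookalike set, the function names and the sample hostnames are assumptions constructed for illustration; the set is not exhaustive.

```python
import unicodedata

# Constructed sample of characters that render like URL delimiters.
# Assumption: illustrative, not exhaustive, and not a list from the advisory.
DELIMITER_LOOKALIKES = {
    "\u2044": "/",  # FRACTION SLASH
    "\u2215": "/",  # DIVISION SLASH
    "\u29f8": "/",  # BIG SOLIDUS
    "\uff0f": "/",  # FULLWIDTH SOLIDUS
    "\uff1f": "?",  # FULLWIDTH QUESTION MARK
    "\uff03": "#",  # FULLWIDTH NUMBER SIGN
}

def decode_label(label):
    """Return the Unicode form of one DNS label (decodes xn-- ACE labels)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def find_delimiter_lookalikes(hostname):
    """List (label_index, unicode_name, resembles) for each lookalike found."""
    findings = []
    for index, label in enumerate(hostname.rstrip(".").split(".")):
        try:
            text = decode_label(label)
        except UnicodeError:
            # A label that cannot be decoded is reported rather than skipped.
            findings.append((index, "UNDECODABLE LABEL", None))
            continue
        for ch in text:
            if ch in DELIMITER_LOOKALIKES:
                findings.append(
                    (index, unicodedata.name(ch), DELIMITER_LOOKALIKES[ch]))
    return findings

def to_ace(hostname):
    """Helper for the sample data: xn-- form of each non-ASCII label."""
    return ".".join(
        l if l.isascii() else "xn--" + l.encode("punycode").decode("ascii")
        for l in hostname.split("."))

# Constructed sample hostnames (reserved example names, no real sites).
SPOOFED = "www.example.com\u2215index.placeholder.cn"
BENIGN = "www.example.com"
```

A non-empty result means the sub-domain part contains a character that can pass visually for a path or query separator, so the host displayed to the user should not be trusted at a glance.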
Solution:
Disable IDN support in "about:config".
Original Advisory:
https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf