Monday, March 2, 2009

Mozilla Firefox IDN Spoofing Security Issue

A security issue has been discovered in Mozilla Firefox [version 3.0.6], which can be exploited by a malicious people to conduct spoofing attacks.

The problem is caused due to the handling of IDN (International Domain Name) support, which can be exploited to spoof a URL via e.g. a ".cn" domain containing certain international characters that resemble other commonly used characters (e.g. "/") in the sub-domain part.

Disable IDN support in "about:config".

Original Advisory:

No comments:

Post a Comment