Description: Eric Johanson has reported a security issue in Mozilla / Firefox / Camino, which can be exploited by a malicious web site to spoof the URL displayed in the address bar, SSL certificate, and status bar. The problem is caused due to an unintended result of the IDN (International Domain Name) implementation, which allows using international characters in domain names. This can be exploited by registering domain names with certain international characters that resembles other commonly used characters, thereby causing the user to believe they are on a trusted site. Secunia has constructed a test, which can be used to check if your browser is affected by this issue: http://secunia.com/multiple_browsers_idn_spoofing_test/ The issue has been confirmed in Mozilla 1.7.5 and Firefox 1.0. Other versions may also be affected. Solution: Disable IDN support by setting network.enableIDN to "false". Don't follow links from untrusted sources. Manually type the URL in the address bar.
Confirmed with Firefox 1.0 Mozilla please advise.
We'll have to wait for Mozilla to issue new versions. I didn't find any open bug (yet) on Mozilla bugzie. Note that the "disable IDN" workaround seems to be buggy: http://it.slashdot.org/comments.pl?sid=138568&cid=11596841
https://bugzilla.mozilla.org/show_bug.cgi?id=279099
CAN-2005-0238 for Epiphany
firefox 1.0.1 with this stuff fixed is out..
Replaced by metabug 83267 *** This bug has been marked as a duplicate of 83267 ***
