Astahost.com   Feb 8, 2010

Multiple Browsers Idn Spoofing Test - Mozilla family

 		free web hosting
Open Discussion & Free Web Hosting > Computers & Tech > Security issues & Exploits

Multiple Browsers Idn Spoofing Test - Mozilla family

NilsC
Mar 9 2005, 06:26 PM
This exploit affects Mozilla based browsers and versions listed:

Mozilla 1.7.x
Mozilla Firefox 0.x
Mozilla Firefox 1.x
Mozilla Thunderbird 0.x
Mozilla Thunderbird 1.x

QUOTE
Description:
Eric Johanson has reported a security issue in Mozilla / Firefox / Camino / Thunderbird, which can be exploited by a malicious web site to spoof the URL displayed in the address bar, SSL certificate, and status bar.

The problem is caused due to an unintended result of the IDN (International Domain Name) implementation, which allows using international characters in domain names.

This can be exploited by registering domain names with certain international characters that resembles other commonly used characters, thereby causing the user to believe they are on a trusted site.

SECURITY TEST LINK HERE
paypal spoof

This link will bring you to Secunia's browser test page.

Read the security advisory here.
http://secunia.com/advisories/14163/

Nils

 

 

 


Comment/Reply (w/o sign-up)

-=Wrighty=-
Mar 9 2005, 07:08 PM
Thanks for that NilsC, very helpful, I'll keep that in mind when signing up to anything ect.

Comment/Reply (w/o sign-up)

vizskywalker
Mar 9 2005, 07:11 PM
For those of you with Firefox, simply updating to version 1.01 fixes the problem. If you have version 1.0, a red arrow pointing up in a circle should appear on the toolbar towards the right side. If you click it, it will allow you to easily update.

Comment/Reply (w/o sign-up)

spacewaste
Mar 9 2005, 08:12 PM
yeah 1.01 fixed that problem because when I went to the test site it looked nothing like paypal.com tongue.gif

Comment/Reply (w/o sign-up)

chris1234
Mar 9 2005, 08:51 PM
thanks very useful, does updated mine.
Just a question,
will the browser remember the site (when typing the address in the bar) (cos it brings up sites with the same name for speed?)
do you know what i mean to ask eh? i dont want ti to remember the bad un!
chris

Comment/Reply (w/o sign-up)

NilsC
Mar 9 2005, 09:24 PM
Chris if you type the URL you are using the character set that is default on your computer. This spoof is done by signing up a website using a different character set where tha characters look the same but have a different ascii value.

so typing the URL is safe.

Nils

Comment/Reply (w/o sign-up)

saxsux
Apr 9 2005, 04:04 AM
To be sure, you could just clear your history.

Comment/Reply (w/o sign-up)

Trekkie101
Apr 9 2005, 12:18 PM
very old is this not.

Fixed in the latest firefox builds (and releases)

Comment/Reply (w/o sign-up)

Got an Opinion! Express your Views! (no registration):-
Add your Reply/ Opinion/ Views/ Comments/ Suggestion/ Questions/ Queries etc.
Posts with decent grammar & English will be accepted and please refrain from profanities.
For asking a Question, We recommend you to sign-up (for free) so that you can track the topic easily.
Nature of your Post*: Opinion/ Reply/ Comments
Question/Query
Feedback to us.
       
Name   Email
Title/Question*

This textarea will convert to Rich-Text automatically (IE, Firefox, Chrome)




See Also,

*SIMILAR VIDEOS*
Searching Video's for multiple, browsers, idn, spoofing, test, mozilla, family
advertisement




Multiple Browsers Idn Spoofing Test - Mozilla family

Affordable Web Hosting, Low cost Web Hosting - ComputingHost.com



Creative Commons License