xisto Community
NilsC

Multiple Browsers Idn Spoofing Test Mozilla family


This exploit affects Mozilla based browsers and versions listed:

 

Mozilla 1.7.x

Mozilla Firefox 0.x

Mozilla Firefox 1.x

Mozilla Thunderbird 0.x

Mozilla Thunderbird 1.x

 

Description:

Eric Johanson has reported a security issue in Mozilla / Firefox / Camino / Thunderbird, which can be exploited by a malicious web site to spoof the URL displayed in the address bar, SSL certificate, and status bar.

 

The problem is caused due to an unintended result of the IDN (International Domain Name) implementation, which allows using international characters in domain names.

 

This can be exploited by registering domain names with certain international characters that resemble other commonly used characters, thereby causing the user to believe they are on a trusted site.

SECURITY TEST LINK HERE

paypal spoof

 

This link will bring you to Secunia's browser test page.

 

Read the security advisory here.

http://secunia.com/advisories/14163/

 

Nils


For those of you with Firefox, simply updating to version 1.01 fixes the problem. If you have version 1.0, a red arrow pointing up in a circle should appear on the toolbar towards the right side. If you click it, it will allow you to easily update.


Thanks, very useful, updated mine. Just a question: will the browser remember the site (when typing the address in the bar) (cos it brings up sites with the same name for speed)? Do you know what I mean to ask, eh? I don't want it to remember the bad 'un!

Chris


Chris, if you type the URL you are using the character set that is default on your computer. This spoof is done by signing up a website using a different character set where the characters look the same but have a different ASCII value. So typing the URL is safe.

Nils
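An added example, not part of the original thread or the Secunia advisory: a Python check that converts each hostname label to its ASCII (punycode) form and flags labels that mix scripts, which is how a look-alike of the kind described above can be told apart from the real name. The sample hostnames are constructed, and the script of a character is approximated from the first word of its Unicode name (an assumption, since the standard library exposes no script property).

```python
import unicodedata


def label_scripts(label):
    """Approximate the scripts used in a label from Unicode character names."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            # e.g. "CYRILLIC SMALL LETTER A" -> "CYRILLIC"
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def inspect_hostname(hostname):
    """Return one finding per label: Unicode form, ASCII form, scripts, verdict."""
    findings = []
    for label in hostname.rstrip(".").split("."):
        if label.lower().startswith("xn--"):
            # Punycode input: recover the Unicode form the address bar may show
            label = label.encode("ascii").decode("idna")
        ace = label.encode("idna").decode("ascii")  # what DNS actually resolves
        scripts = label_scripts(label)
        if label.isascii():
            verdict = "ascii"
        elif len(scripts) > 1:
            verdict = "mixed-script"  # e.g. Latin letters plus one Cyrillic letter
        else:
            verdict = "non-ascii"     # a single non-Latin script
        findings.append({"label": label, "ace": ace,
                         "scripts": sorted(scripts), "verdict": verdict})
    return findings


def is_suspicious(hostname):
    """True when any label mixes scripts."""
    return any(f["verdict"] == "mixed-script" for f in inspect_hostname(hostname))


# Constructed samples: the second uses CYRILLIC SMALL LETTER A (U+0430) for "a"
SAMPLES = ["paypal.example", "p\u0430ypal.example", "xn--pypal-4ve.example"]

if __name__ == "__main__":
    for host in SAMPLES:
        for f in inspect_hostname(host):
            print(host.encode("unicode_escape").decode(), f["ace"],
                  f["scripts"], f["verdict"])
```

A label written entirely in one non-Latin script is reported as `non-ascii` rather than `mixed-script`, so this check does not catch look-alikes built from a single script.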

