User Help for Mozilla Firefox
A Spoofing issue has been found in browsers that support IDN (International Domain Names). This includes Mozilla, Firefox, Konqueror, Safari and Opera.
A malicious site author can register a domain with characters that resemble other commonly used characters. The browser will in turn show these in the URL bar, status bar, etc. <a href="http://secunia.com/">Secunia</a> has <a href="http://secunia.com/multiple_browsers_idn_spoofing_test/">a test available</a>.
Unfixed, workaround available.
This can be worked around by disabling IDN support. To do this, you will have to edit compreg.dat, which is located in your Firefox profile directory (<a href="http://www.mozilla.org/products/firefox/releases/1.0.html#profilefolder">Common profile locations</a>).
Open this file with a text editor which understands the line endings in it, such as Wordpad (or your favourite text editor on other platforms), and comment out all lines containing IDN by adding # at the start of the line. For example:
Note that you will have to repeat this edit if you install any themes or extensions, as compreg.dat gets regenerated.
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=279099">Mozilla Bug 279099</a> - <strong>DO NOT COMMENT ON THIS BUG UNLESS YOU PLAN ON FIXING IT</strong>
<a href="http://secunia.com/advisories/14163/">Secunia Advisory</a>
<a href="http://www.theregister.co.uk/2005/02/07/browsers_idn_spoofing/">Firefox spoofing flaw goes international</a> - The Register
<strong>Related Forum Threads</strong>
<a href="http://forums.mozillazine.org/viewtopic.php?t=215178">Spoofing (IDN) vulnerability temporary solution (works 100%)</a>
<a href="http://forums.mozillazine.org/viewtopic.php?t=215022">IDN browser exploit</a>
<a href="http://forums.mozillazine.org/viewtopic.php?t=215171">All Browsers But IE At Risk To New Spoofing Scheme</a>
<a href="http://forums.mozillazine.org/viewtopic.php?t=215159">Notice another security issue with firefox</a>
<a href="http://forums.mozillazine.org/viewtopic.php?t=214906">IDN Issue?</a>
<a href="http://forums.mozillazine.org/viewtopic.php?t=214914">How to set enableIDN to false?</a>
<a href="http://forums.mozillazine.org/viewtopic.php?t=214828">Serious security issue -- phishing vulnerability</a>
Please discuss the issue here, rather than creating dozens of threads about the same subject.
Note: Information gathered from various sources both on and off the forums.
Last edited by Hendikins on February 7th, 2005, 11:02 pm, edited 5 times in total.
Easy fix! And to prove it's fixed goto the secunia website and do the "test" they have setup.
The before comes up with the paypal.com spoof window. If you did the above trick right - then it will just say "cannot contact www.paypal.com".
I suppose there is a nightly build in the works to resolve this...
Don't sing it, just bring it.
I understand there is a nightly build in the works that should make for a better and
easier workaround. This won't resolve the underlying problem however.
It should have been possible to fix this by just switching off IDS in about:config.
Unfortunately the way this preference was initialised was found to be broken and
the fix didn't persist across restarts. This has been corrected in the nightlies I
A permanent fix that doesn't just turn off or disable IDS is likely to take longer.
The protocol itself is really at fault and some rethinking may be required.
Just bringing the following point some attention....
Isn't compreg.dat re-created anytime you install a new plugin/extension installed ? and wouldn't that overwrite the old file with the commented out line (not sure if FF respects the readonly attribute either, a la cookies.txt)... I haven't tested this as I haven't had the time and as i'm not really all that concerned with the IDN issue (based on my browsing habits)...
Will there ever be an update to fix this? What happen to all thouse who doesn't know much about computer?
well i got a chance to test... and unless u make the file readonly the edit will be OVERwritten on new plugin/extension installation. also keeping readonly may prevent your newly installed extension/plugin from registering properly... SO... make sure reedit the file after extension/plugin installation....
Adding to sticky.
Ok, i have a ratger strange situation, I cannot seem to find the folder and file that need to be altered in my Mac Library. Any help, there is only one file a .shlb file. Any help with this?
The default Mac profile can be in ~/Library/Application Support/Firefox/xxxxxxxx.default/
"All things being equal, the simplest answer is usually the correct one" - Occam's Razor
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0
Another alternative is to grab a 1.0.1 tinderbox build where network.enableIDN works correctly (I've only confirmed it on the Windows build though):
ftp://ftp.mozilla.org/pub/mozilla.org/f ... ox-builds/
Windows = sweetlou-aviary1.0.1
Linux = madcow-aviary1.0.1
MacOS = imola-aviary1.0.1
there's a simple fix for those that wish to take care of it before an official patch/fix comes out.</p>
go to the about:config page and disable network.enableIDN (set to FALSE).</p>
I went back to the secunia page and it checked out.
I only found 2 lines that contain IDN in them with the "Find" is this correct also, I use default theme with 4 extensions. Thank You in advance.
Sorry this post is mine I was not logged in.
No, it won't!
This is a bug i FireFox that makes your toggeling dissapear again if you close all instances of FireFox and start it again.
FireFox is now just as bad as when you first installed it
In the FWIW catagory, there's this from the AP this morning:
http://apnews1.iwon.com//article/200502 ... UIRO0.html
The last part of which states:
""But Johannes Ullrich, chief technology office with the SANS Institute's Internet Storm Center, said scammers may focus on exploiting other flaws because IE remains dominant.
"Right now the one thing that will likely prevent them from using it is that Internet Explorer users will not be able to see the page at all," he said.""
So hopefully a fix will be in before too long, before "they" catch on.
Who is online
Users browsing this forum: Google [Bot] and 20 guests