IDN Spoofing Issue

Discussion of general topics about Mozilla Firefox
Locked
Hendikins
Posts: 26
Joined: December 31st, 1969, 5:00 pm
Location: On a train

IDN Spoofing Issue

Post by Hendikins »

Note: This has been cross-posted from Mozilla Firefox Support, please reply to <a href="http://forums.mozillazine.org/viewtopic.php?t=215221">that sticky thread instead</a>.

A Spoofing issue has been found in browsers that support IDN (International Domain Names). This includes Mozilla, Firefox, Konqueror, Safari and Opera.

<strong>Description</strong>
A malicious site author can register a domain with characters that resemble other commonly used characters. The browser will in turn show these in the URL bar, status bar, etc. <a href="http://secunia.com/">Secunia</a> has <a href="http://secunia.com/multiple_browsers_idn_spoofing_test/">a test available</a>.

<strong>Status</strong>
Unfixed, workaround available.

<strong>Workaround</strong>
This can be worked around by disabling IDN support. To do this, you will have to edit compreg.dat, which is located in your Firefox profile directory (<a href="http://www.mozilla.org/products/firefox/releases/1.0.html#profilefolder">Common profile locations</a>).

Open this file with a text editor which understands the line endings in it, such as Wordpad (or your favourite text editor on other platforms), and comment out all lines containing IDN by adding # at the start of the line. For example:
<pre>
# {4byteshex-2byteshex-2byteshex-2byteshex-6byteshex},@mozilla.org/network/idn-service;1,,nsIDNService,rel:libnecko.so</pre>


Note that you will have to repeat this edit if you install any themes or extensions, as compreg.dat gets regenerated.

<strong>More Information</strong>
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=279099">Mozilla Bug 279099</a> - <strong>DO NOT COMMENT ON THIS BUG UNLESS YOU PLAN ON FIXING IT</strong>
<a href="http://secunia.com/advisories/14163/">Secunia Advisory</a>
<a href="http://www.theregister.co.uk/2005/02/07/browsers_idn_spoofing/">Firefox spoofing flaw goes international</a> - The Register

<strong>Related Forum Threads</strong>
<a href="http://forums.mozillazine.org/viewtopic.php?t=215178">Spoofing (IDN) vulnerability temporary solution (works 100%)</a>
<a href="http://forums.mozillazine.org/viewtopic.php?t=215022">IDN browser exploit</a>
<a href="http://forums.mozillazine.org/viewtopic.php?t=215171">All Browsers But IE At Risk To New Spoofing Scheme</a>
<a href="http://forums.mozillazine.org/viewtopic.php?t=215159">Notice another security issue with firefox</a>
<a href="http://forums.mozillazine.org/viewtopic.php?t=214906">IDN Issue?</a>
<a href="http://forums.mozillazine.org/viewtopic.php?t=214914">How to set enableIDN to false?</a>
<a href="http://forums.mozillazine.org/viewtopic.php?t=214828">Serious security issue -- phishing vulnerability</a>

Note: Information gathered from various sources both on and off the forums.
Locked