Replies

From the above referenced article - "...The attack can be disabled in Firefox and Mozilla by setting 'network.enableIDN' to false in the browser's configuration (enter about:config in the address bar to access the configuration fucntions). "

---

There are some folks here who are big fans of Firefox.

5 posted on 02/07/2005 11:32:25 AM PST by contemplator

To: contemplator

10 posted on 02/07/2005 11:34:46 AM PST by rocksblues (Liberalism is a sickness not a political ideology)

To: contemplator

52 posted on 02/07/2005 11:56:49 AM PST by CDB

To: contemplator

The attack can be disabled in Firefox and Mozilla by setting 'network.enableIDN' to false in the browser's configuration

That appears to be the default setting in Mozilla.

68 posted on 02/07/2005 12:09:30 PM PST by PAR35

To: contemplator

Thanks! You learn something new everyday. I love Firefox!

70 posted on 02/07/2005 12:10:59 PM PST by Lx (Tuesday is Soylent green day!)

To: contemplator

I'm a huge fan of Firefox. Much better than Exploder.

I just made the change you suggested; thanks for the tip.

81 posted on 02/07/2005 12:24:25 PM PST by Altamira (Get the UN out of the US, and the US out of the UN!)

To: contemplator

Explain that to the average computer 'tard who barely knows how to turn the pc on and off let alone configure a program.

85 posted on 02/07/2005 12:30:15 PM PST by Labyrinthos

To: contemplator

89 posted on 02/07/2005 12:39:26 PM PST by ChefKeith (Apply here to be added to the NASCAR Ping List, Daytona is comming soon...)

To: contemplator

BUMP to do this to my home computer as well.

96 posted on 02/07/2005 12:45:10 PM PST by RobRoy (They're trying to find themselves an audience. Their deductions need applause - Peter Gabriel)

To: contemplator

Thanks! That was easy.

133 posted on 02/07/2005 3:46:20 PM PST by jammer

In the interest of actually helping fellow Firefox Freepers (hey, that sounded cool ;):

Source: IDN Spoofing Issue - MozillaZine Forums

IDN Spoofing Issue

A Spoofing issue has been found in browsers that support IDN (International Domain Names). This includes Mozilla, Firefox, Konqueror, Safari and Opera.

Description
A malicious site author can register a domain with characters that resemble other commonly used characters. The browser will in turn show these in the URL bar, status bar, etc. Secunia has a test available.

Status
Unfixed, workaround available.

Workaround
This can be worked around by disabling IDN support. To do this, you will have to edit compreg.dat, which is located in your Firefox profile directory (Common profile locations).

Open this file with a text editor which understands the line endings in it, such as Wordpad (or your favourite text editor on other platforms), and comment out all lines containing IDN by adding # at the start of the line. For example:



# {4byteshex-2byteshex-2byteshex-2byteshex-6byteshex},@mozilla.org/network/idn-service;1,,nsIDNService,rel:libnecko.so

More Information
Secunia Advisory
Firefox spoofing flaw goes international - The Register

149 posted on 02/07/2005 7:38:58 PM PST by rpierce

To: contemplator

Found on slashdot:

Hmm, I stand corrected. Setting enableIDN and then testing worked right away for me. Until I restarted my browser. About:config still shows enableIDN set to false, but the spoof works again. However, if I go back into about:config and reset enableIDN to false, it again stops the spoof.

Maybe it is a problem in the Firefox startup code not setting enableIDN properly.

187 posted on 02/08/2005 1:45:35 AM PST by Monitor (Gun control isn't about guns; it's about control.)

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794