GoFuckYourself.com - Adult Webmaster Forum - View Single Post - First serious FIREFOX!! SECURITY BREACH IS HERE

azguy · 02-07-2005, 09:23 PM

IE is not affected by this. I guess this comes with the popularity after all.

I haven't seen this posted here yet.

Firefox can be easily exposed to sophisticated phishing attacks:

Visit http://www.shmoo.com/idn/ and see. PayPal's address appears not only in the status bar, but also after you click it. The HTTPS version of it is even scarier.

Fix:

1) Goto your Firefox address bar. Enter about:config and press enter. Firefox will load the (large!) config page.

2) Scroll down to the line beginning network.enableIDN -- this is International Domain Name support, and it is causing the problem here. We want to turn this off -- for now. Ideally we want to support international domain names, but not with this problem.

3) Double-click the network.enableIDN label, and Firefox will show a dialog set to 'true'. Change it to 'false' (no quotes!), click Ok. You are done.

4) Go check out the shmoo demo again and notice it no longer works.

Read more about this in http://www.boingboing.net/ (look up Shmoo Group exploit: 0wn any domain, no defense exists).

02-07-2005, 09:23 PM
azguy Confirmed User Join Date: Nov 2004 Location: Scottsdale, AZ Posts: 5,167	First serious FIREFOX!! SECURITY BREACH IS HERE IE is not affected by this. I guess this comes with the popularity after all. I haven't seen this posted here yet. Firefox can be easily exposed to sophisticated phishing attacks: Visit http://www.shmoo.com/idn/ and see. PayPal's address appears not only in the status bar, but also after you click it. The HTTPS version of it is even scarier. Fix: 1) Goto your Firefox address bar. Enter about:config and press enter. Firefox will load the (large!) config page. 2) Scroll down to the line beginning network.enableIDN -- this is International Domain Name support, and it is causing the problem here. We want to turn this off -- for now. Ideally we want to support international domain names, but not with this problem. 3) Double-click the network.enableIDN label, and Firefox will show a dialog set to 'true'. Change it to 'false' (no quotes!), click Ok. You are done. 4) Go check out the shmoo demo again and notice it no longer works. Read more about this in http://www.boingboing.net/ (look up Shmoo Group exploit: 0wn any domain, no defense exists).