IDN spoofing vulnerability in Gecko browsers
Longman, Bill
longman at sharplabs.com
Tue Mar 8 09:48:37 MST 2005
OT PUBLIC SERVICE ANNOUNCEMENT
If you use Gecko-based browsers, please be aware of a rather major spoofing
hole.
http://forums.mozillazine.org/viewtopic.php?t=215178
Phishing attacks abound nowadays and it's very, very easy to fall prey to
this. And if you don't believe how hard-to-find this vulnerability can be,
take a look at this:
http://www.shmoo.com/idn/
Follow the spoofed SSL links and try to find out that you're then on a bogus
site. The only way is to check the certificate and notice that the domain
you see in the address bar doesn't match the certificate's CN (Common Name).
Good luck.
I suggest you all apply the mozillazine fix.
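
The certificate check described in the message can be done mechanically. This is an added example, not part of the original post: it converts a displayed hostname to its ASCII (xn--) form, lists the scripts used in each label, and compares the result with a certificate CN. The function names and the sample hostname are constructed for illustration.

```python
import unicodedata

def script_of(ch):
    """Rough script tag from the Unicode character name, e.g. LATIN or CYRILLIC."""
    if ch.isdigit() or ch == "-":
        return None  # digits and hyphen are shared across scripts
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_hostname(displayed):
    """Return (ACE form, [(rendered label, scripts used), ...]) for a hostname."""
    # Python's built-in "idna" codec (IDNA 2003) gives the ASCII name used for DNS.
    ace = displayed.encode("idna").decode("ascii")
    labels = []
    for label in displayed.split("."):
        if label.lower().startswith("xn--"):
            label = label.encode("ascii").decode("idna")  # what a browser would render
        scripts = sorted({s for s in map(script_of, label) if s})
        labels.append((label, scripts))
    return ace, labels

def is_mixed_script(displayed):
    """True if any single label combines characters from more than one script."""
    return any(len(scripts) > 1 for _, scripts in inspect_hostname(displayed)[1])

def matches_certificate(displayed, cert_cn):
    """Exact comparison of the ACE form with a certificate CN (no wildcard handling)."""
    return inspect_hostname(displayed)[0].lower() == cert_cn.lower()

# Constructed sample: "example.com" with U+0430 (Cyrillic a) in place of Latin "a".
SAMPLE = "ex\u0430mple.com"

if __name__ == "__main__":
    ace, labels = inspect_hostname(SAMPLE)
    print("displayed :", SAMPLE)
    print("ACE form  :", ace)
    print("scripts   :", labels)
    print("mixed     :", is_mixed_script(SAMPLE))
    print("CN match  :", matches_certificate(SAMPLE, "example.com"))
```

The mixed-script test only catches labels that combine scripts; a label written entirely in one look-alike script passes it, so the comparison of the ASCII form against the expected name is the check to rely on.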