Firefox Vulnerability

[Anti-Trend]

A vulnerability was discovered today in all Gecko-based browsers, such as Firefox, Mozilla and Netscape. It allows the possibility of website spoofing, in which case you'd actually see a small popup-style graphic which would cover the address bar and contain the spoofed URL. This would likely be fairly noticable for technically aware users, as the spoofed address text would likely be a few pixels too high/low on many skins, and the font would likely seem a bit 'off'.

Until a proper patch is released, there is a simple workaround. Enter the address about:config in your address bar, and change the value network.enableIDN to False. Once the fix is available, you can re-enable it using the same method.

This vulnerability does not apply to any version of IE, unless you've manually added IDN support. IE does not support IDN natively. ...ironic, isn't it? Microsoft's refusal to accept international browser standards actually spared IE a vulnerability instead of spawning another one! :P

 

[Anti-Trend]

I've just been made aware that although the bug is fairly obvious to spot in Firefox or Mozilla, it's virtually undetectable on Opera. I recommend using the above mentioned workaround ASAP.

For Safari browsers, there's no quick fix. Only the Microsoft Method (input all URLs by hand), at least until a patch is made available.

 

[ninja fetus]

:) easy

 

[Anti-Trend]

:) easy

Unfortunately, the fix isn't quite as simple as I anticipated. To make the fix stick, you have to manually edit a config file. The following is from the official Mozilla support forums:

A Spoofing issue has been found in browsers that support IDN (International Domain Names). This includes Mozilla, Firefox, Konqueror, Safari and Opera.

Description
A malicious site author can register a domain with characters that resemble other commonly used characters. The browser will in turn show these in the URL bar, status bar, etc. Secunia has a test available.

Status
Unfixed, workaround available.

Workaround
This can be worked around by disabling IDN support. To do this, you will have to edit compreg.dat, which is located in your Firefox profile directory (Common profile locations).

Open this file with a text editor which understands the line endings in it, such as Wordpad (or your favourite text editor on other platforms), and comment out all lines containing IDN by adding # at the start of the line. For example:



# {4byteshex-2byteshex-2byteshex-2byteshex-6byteshex},@mozilla.org/network/idn-service;1,,nsIDNService,rel:libnecko.so




Note that you will have to repeat this edit if you install any themes or extensions, as compreg.dat gets regenerated.

I recommend using a text editor with search capabilites and looking for IDN. In my case, I only had to comment out one line.

-AT