Firefox, Mozilla, Camino URL Spoofing Exploit

By DarthTibault

A security issue in Mozilla, Firefox, Camino (and other IDN-supporting
web browsers) has been found which can be exploited by a malicious web
site to spoof the URL displayed in the address bar, SSL certificate,
and status bar.

The problem is caused due to an unintended result of the IDN
(International Domain Name) implementation, which allows using
international characters in domain names.

This can be exploited by registering domain names with certain
international characters that resembles other commonly used characters,
thereby causing the user to believe they are on a trusted site.

Secunia has constructed a test, which can be used to check if your browser is affected by this issue:

http://secunia.com/multiple_browsers_idn_spoofing_test/

The issue has been confirmed in Mozilla 1.7.5 and Firefox 1.0. A
work-around until a fix/update is released can be found at

http://forums.mozillazine.org/viewtopic.php?t=215221 and involves commenting
out a single line in one file in your Firefox profile directory.

I recommend you test your browser and do the suggested work-around and re-test to
ensure you won’t be ’spoofed’ using this exploit. If using another browser
and the spoofing test comes back positive, check the web site for your browser
for updates or browser-specific info to correct the problem.

This entry was posted on Saturday, February 12th, 2005 at 9:37 pm / 02 Muharram 1426AH and is filed under Technology + Computing News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply