General :  K-Meleon Web Browser Forum
IDN Spoofing security issue in FF,Suite,NS7 etc.
Posted by: Juha-Matti
Date: February 07, 2005 04:28PM

A new Multiple Browsers IDN (International Domain Names) Spoofing Security Issue was reported by Secunia company today. There is a test page available at:
http://secunia.com/multiple_browsers_idn_spoofing_test/

Test page opens a new window containing spoofed address bar with URL bar text http://www.paypal.com/

However, KM shows text http://www.payp?l.com/
and later http://www.paypаl.com/
in URL bar.

According to my test KM0.9 in Windows XP Professional is _not_ affected.
Firefox-related advisory is here:
http://secunia.com/advisories/14165/

Can anyone confirm this and is anyone of dev team reading this just now?

Re: IDN Spoofing security issue in FF,Suite,NS7 etc.
Posted by: guenter
Date: February 07, 2005 05:18PM

not even old 0.7 falls for that on my system (says the odd paypal site does not exist),
nor 0.8.2+ nor 0.9 (they show what you saw)
system WIN ME.
very strange // but nice ; o ))

Re: IDN Spoofing security issue in FF,Suite,NS7 etc.
Posted by: Midas
Date: February 07, 2005 07:35PM

I confirm that KM 0.8.2+ Wechselbalg seems to be unaffected (It shows http://www.paypаl.com/). thanks for letting us know about this.

Re: IDN Spoofing security issue in FF,Suite,NS7 etc.
Posted by: MD3
Date: February 08, 2005 03:30AM

0.9 on W95's cool:

http://kmeleonbrowser.org/forum/read.php?f=3&i=6868&t=6865

Secunia's test shows address:

http://www.payp?l.com/

in the address bar.

Re: IDN Spoofing security issue in FF,Suite,NS7 etc.
Posted by: Fulvio Perini
Date: February 08, 2005 06:42AM

There is a parallel thread, and I posted that there is an apparent fix by setting network.enableIDN in about:config to false (it was true). In two tries to connect to the paypal address, I got a "cannot be found", and nothing in the URL.
This "fix" was posted at a Netscape/Mozilla/Firefox forum.

Re: IDN Spoofing security issue in FF,Suite,NS7 etc.
Posted by: MD3
Date: February 08, 2005 07:40AM

Fulvio,

Don't get me wrong, I think the information you are providing is important. But I think you are missing the point of our responses: the spoofing test isn't succeeding for K-Meleon. The address in the address bar doesn't look like:

http://www.paypal.com/

and the status bar shows:

http://www.payp?l.com/

Now it does bother me that the "View Link URL" is showing some sort of character or characters and not the question mark that the status bar shows to indicate something funny's going on, and as a precaution I think I am going to implement the fix you suggest.

But the fact is, the exploit as presented doesn't work on K-Meleon.

Re: IDN Spoofing security issue in FF,Suite,NS7 etc.
Posted by: Mike
Date: February 10, 2005 12:18AM

Maybe the reason is that K-Meleon doesn't quite support IDN properly to begin with? Disabling IDN is perhaps the answer if you're an English-speaking North American, but 1/4 of Japanese domains use internationalized domain names.

The real fix is to not allow the use of obvious spoof domains at the registrar level, but in the current panic/hype few people are pointing out the obvious.
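The middle ground between Mike's objection (disabling IDN breaks legitimate Japanese domains) and the spoof the thread tests is a per-label mixed-script check. The Python below is an added example, not code from the forum or from K-Meleon; it assumes the substituted letter is the Cyrillic small a (U+0430), as in the URL quoted above, and uses constructed hostnames.

```python
import unicodedata

# Constructed sample hostnames: the spoof label from the test page
# (Latin "payp" + Cyrillic small a U+0430 + Latin "l") beside the genuine one.
GENUINE = "www.paypal.com"
SPOOF = "www.payp\u0430l.com"


def label_scripts(label: str) -> set[str]:
    """Return the set of Unicode scripts used by the letters of one label.

    The script is taken from the first word of the character name
    ("LATIN SMALL LETTER P" -> "LATIN"); digits and hyphen are neutral.
    """
    scripts = set()
    for ch in label:
        if ch in "-0123456789":
            continue
        name = unicodedata.name(ch, "UNKNOWN")
        scripts.add(name.split()[0])
    return scripts


def is_mixed_script(hostname: str) -> bool:
    """True if any label combines scripts, e.g. Latin letters with a Cyrillic a."""
    return any(len(label_scripts(lbl)) > 1 for lbl in hostname.split("."))


def to_ace(hostname: str) -> str:
    """IDNA (punycode, xn--) form of a hostname: what DNS actually resolves."""
    return hostname.encode("idna").decode("ascii")


def from_ace(ace: str) -> str:
    """Inverse of to_ace: the Unicode form a browser would render."""
    return ace.encode("ascii").decode("idna")


def display_form(hostname: str) -> str:
    """Render Unicode only for single-script labels; otherwise show the
    xn-- form so a homograph cannot masquerade as the ASCII name."""
    return to_ace(hostname) if is_mixed_script(hostname) else hostname


if __name__ == "__main__":
    for host in (GENUINE, SPOOF):
        print(f"{host!r} -> resolves as {to_ace(host)}, shown as {display_form(host)}")
```

Unlike network.enableIDN=false, this keeps single-script IDNs (a purely Japanese label) displayable while the mixed Latin/Cyrillic label from the test falls back to its xn-- form.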
