General :  K-Meleon Web Browser Forum
General discussion about K-Meleon 
unicode vulnerability
Posted by: J.G.
Date: April 29, 2017 12:56PM

Please, Rodocop, enable network.IDN_show_punycode=true in K-Meleon 76RC Portable. :)
https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/
https://www.xn--e1awd7f.com/ = phishing site

Re: unicode vulnerability
Posted by: rodocop
Date: April 29, 2017 01:56PM

Thank you for mentioning this.
I didn't know it's set to false by default.

I'll fix it.

Re: unicode vulnerability
Posted by: rodocop
Date: April 29, 2017 02:28PM

Files under current links updated with fixed packages now!

Re: unicode vulnerability
Posted by: J.G.
Date: April 29, 2017 02:55PM

Thanks, Rodocop! :)

Re: unicode vulnerability
Posted by: siria
Date: April 29, 2017 03:03PM

@JG, just to reduce misunderstandings, when you're talking of "KM portable", everyone will read this as Dorian's "official" version. Only a few regular insiders here will realize, and only when you add rodocop's name too, that you're actually talking of his customized "KM Pro" version. It may also be portable, that's true, but his special version is called "Pro".

Re: unicode vulnerability
Posted by: J.G.
Date: April 29, 2017 04:11PM

@siria I'm sorry about that, yes I'm using Rodocop's KM Pro Portable 76RC for certain tasks because I installed the version that seems actively maintained and up to date -- however I don't know if the other available versions are fixed for this unicode vulnerability because I've never installed them. Rodocop's version just works flawlessly for me, mailing services and shockwave games just fly. :)

Re: unicode vulnerability
Posted by: siria
Date: April 29, 2017 04:31PM

Yes, it's perfectly fine: customized with some extensions in addition to the official version, some different default settings, and especially maintained a LOT faster :) My only point is to reduce misunderstandings with names.

Re: unicode vulnerability
Posted by: JohnHell
Date: April 29, 2017 04:47PM

Just saying this is NOT A BUG and NOT NEW:
http://kmeleonbrowser.org/forum/read.php?1,100044

Talking about it 7 years ago.


The fix is as easy as having common sense. Type URLs for important sites (like banking), don't follow links, etc.

Even though it is easier to catch them with punycode, the problem isn't in how the URL is formatted, UTF-8 or ASCII.


P.S.: you don't need to enter your email address to post messages. When you do, the address becomes public and you are an easier target for spambots.



Edited 1 time(s). Last edit at 04/29/2017 04:51PM by JohnHell.
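
Added example (not part of any post in this thread): a Python sketch of what the punycode form discussed above reveals. It decodes the xn-- hostname quoted in the first post and reports the scripts of its non-ASCII characters; the function names are made up for this illustration, and the label handling skips full IDNA normalization.

```python
import codecs
import unicodedata

ACE_PREFIX = "xn--"  # marks a punycode-encoded DNS label

def label_to_unicode(label: str) -> str:
    """Decode one DNS label; labels without the xn-- prefix pass through."""
    if label.lower().startswith(ACE_PREFIX):
        return codecs.decode(label[len(ACE_PREFIX):].encode("ascii"), "punycode")
    return label

def label_to_ascii(label: str) -> str:
    """Encode one label to its xn-- form if it holds non-ASCII characters.
    Simplification: lowercases only, no full IDNA nameprep."""
    if label.isascii():
        return label.lower()
    return ACE_PREFIX + codecs.encode(label.lower(), "punycode").decode("ascii")

def scripts(label: str) -> set:
    """Rough script name: first word of each non-ASCII character's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if not ch.isascii()}

def inspect_host(host: str) -> dict:
    """Return the Unicode rendering, the punycode rendering (what an address
    bar that always shows punycode would display), and the non-ASCII scripts."""
    decoded = [label_to_unicode(l) for l in host.rstrip(".").split(".")]
    found = set()
    for label in decoded:
        found |= scripts(label)
    return {
        "unicode": ".".join(decoded),
        "punycode": ".".join(label_to_ascii(l) for l in decoded),
        "non_ascii_scripts": sorted(found),
    }

if __name__ == "__main__":
    # Hostname taken from the first post; "epic.com" is the plain-ASCII comparison.
    for host in ("xn--e1awd7f.com", "epic.com"):
        print(host, "->", inspect_host(host))
```

The decoded label is made entirely of Cyrillic letters, so it is a different string from the ASCII word it resembles, and only the punycode rendering makes that visible at a glance.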
