Bugs :
K-Meleon Web Browser Forum
Oh yeah, K-meleon is vulnerable. Firefox has a work around.
Firefox Work around :
Edit the compreg.dat file ( firefox not running ) in your FireFox profile directory.
Comment out ( # ) the 2 lines containing "idn" (without quotes).
Restart firefox. & run the test again, I got address not found after the fix.
Unfortunately no work around for Mozilla yet.
AmboyGuy,
It is?
http://www.shmoo.com/idn/
Shows:
http://www.p0ypal.com/
and:
https://www.p0ypal.com/
for View URL
and
http://www.p?ypal.com/
and
https://www.p?ypal.com/
in the status bar for K-Meleon 0.9 on W95.
Doesn't fool me.
I agree. The secunia spoofing problem doesn't fool me either.
Just looking at
http:// http://www.p?ypal.com/
should tell you something's wrong.
N
Win98se
KM 0.9
One thing's starting to gnaw at me in K-Meleon 0.9 on W95, "View Link URL" shows:
http://www.payp0l.com/
with the "0" being different symbols on other Windows' platforms and not:
http://www.payp?l.com/
as the status bar consistently does.
My analysis shows that question mark isn't just some symbol the status bar throws down there, but an actual indicator that that particular symbol is being formed oddly.
I think "View Link URL" needs to be consistent and display the address in the same manner as the status bar displays it.
The posted fix for the spoof, to go to about:config and set network.enableIDN false, doesn't affect "View Link URL". It still displays:
http://www.payp0l.com
Instead of the
http://www.payp?l.com/
you will now get if you directly click on the attempting to spoof link.
how come when i have just visited my website, and i try to go back... and i click on the back button and hold it down or right click it, it shows other symbols?
«¡«Brian's Ever-Changing... Creation»!»
Like for the « symbol, it shows a copyright symbol... and for the » symbol, it shows this underscore type thing that shows at the top, as opposed to the bottom.
http://bst82551.ath.cx:8181
navigate through a few pages, then click on the back list and you'll see what i mean. Well, i know this isn't a big problem, but can this be fixed without me having to change the name of my website?
Brian
What Brian said it's true. When I use right-click on "back" button it shows the "registered" symbol and the "upper underscore" symbol.
Brian,
I too confirm that K-Meleon 0.9 W95 mangles your website's name in this little context menu.
I hope you are joking about changing the name of your website if this flaw never gets addressed. Because when one visit's your site with K-Meleon the Title Bar and the Task button still renders the website name correctly in all its glory. Be a shame to trash such a creative name because of a menuing quirk.
BTW View -> History menu blows it too, in the same way.
You can talk about issues with k-meleon here. Issues means: bugs, malfunction, crashes, etc. Remember that issues with web rendering is beyond the scope of what K-meleon is, a shell for an engine.
Mozilla Spoofing IDN bug
Posted by:
AmboyGuy
Date: February 08, 2005 02:08AM
Re: Mozilla Spoofing IDN bug
Posted by:
AmboyGuy
Date: February 08, 2005 02:18AM
Oh yeah, K-meleon is vulnerable. Firefox has a work around.
Firefox Work around :
Edit the compreg.dat file ( firefox not running ) in your FireFox profile directory.
Comment out ( # ) the 2 lines containing "idn" (without quotes).
Restart firefox. & run the test again, I got address not found after the fix.
Unfortunately no work around for Mozilla yet.
Re: Mozilla Spoofing IDN bug
Posted by:
MD3
Date: February 08, 2005 02:48AM
AmboyGuy,
It is?
http://www.shmoo.com/idn/
Shows:
http://www.p0ypal.com/
and:
https://www.p0ypal.com/
for View URL
and
http://www.p?ypal.com/
and
https://www.p?ypal.com/
in the status bar for K-Meleon 0.9 on W95.
Doesn't fool me.
Re: Mozilla Spoofing IDN bug
Posted by:
ndebord
Date: February 08, 2005 07:15AM
I agree. The secunia spoofing problem doesn't fool me either.
Just looking at
http:// http://www.p?ypal.com/
should tell you something's wrong.
N
Win98se
KM 0.9
Re: Mozilla Spoofing IDN bug
Posted by:
MD3
Date: February 08, 2005 08:54AM
One thing's starting to gnaw at me in K-Meleon 0.9 on W95, "View Link URL" shows:
http://www.payp0l.com/
with the "0" being different symbols on other Windows' platforms and not:
http://www.payp?l.com/
as the status bar consistently does.
My analysis shows that question mark isn't just some symbol the status bar throws down there, but an actual indicator that that particular symbol is being formed oddly.
I think "View Link URL" needs to be consistent and display the address in the same manner as the status bar displays it.
The posted fix for the spoof, to go to about:config and set network.enableIDN false, doesn't affect "View Link URL". It still displays:
http://www.payp0l.com
Instead of the
http://www.payp?l.com/
you will now get if you directly click on the attempting to spoof link.
Re: Mozilla Spoofing IDN bug
Posted by:
Brian
Date: February 09, 2005 12:09AM
how come when i have just visited my website, and i try to go back... and i click on the back button and hold it down or right click it, it shows other symbols?
«¡«Brian's Ever-Changing... Creation»!»
Like for the « symbol, it shows a copyright symbol... and for the » symbol, it shows this underscore type thing that shows at the top, as opposed to the bottom.
http://bst82551.ath.cx:8181
navigate through a few pages, then click on the back list and you'll see what i mean. Well, i know this isn't a big problem, but can this be fixed without me having to change the name of my website?
Brian
Re: Mozilla Spoofing IDN bug
Posted by:
Buggler
Date: February 09, 2005 04:00AM
What Brian said it's true. When I use right-click on "back" button it shows the "registered" symbol and the "upper underscore" symbol.
Re: Mozilla Spoofing IDN bug
Posted by:
MD3
Date: February 09, 2005 11:34AM
Brian,
I too confirm that K-Meleon 0.9 W95 mangles your website's name in this little context menu.
I hope you are joking about changing the name of your website if this flaw never gets addressed. Because when one visit's your site with K-Meleon the Title Bar and the Task button still renders the website name correctly in all its glory. Be a shame to trash such a creative name because of a menuing quirk.
BTW View -> History menu blows it too, in the same way.
English