Serious vulnerability hits non-Microsoft browsers

Security company Websense has reported a vulnerability in internet browsers that allows hackers to launch phishing attacks by...

Security company Websense has reported a vulnerability in internet browsers that allows hackers to launch phishing attacks by spoofing legitimate websites.

On this occasion the Microsoft Internet Explorer browser is not affected by the vulnerability, which only affects its competitors.

The vulnerability involves browser support for International Domain Names (IDN), which allows non-ACSII characters to be used within a domain name.

For example, an attacker is able to replace the Latin "a" within a URL with a Cyrillic "a" and direct the user to a domain of their choice.

The vulnerability was first revealed several years ago but internet browsers have only just begun to implement support for IDN.

Internet browsers which currently support IDN include Firefox 1.0, Mozilla 1.6, Apple’s Safari 1.2.5, Opera 7.54, and OmniWeb 5. Microsoft’s IE does not support IDN so is not vulnerable.

For information on how to detect and prevent this type of phishing attack, go to:

http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=128

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close