Firefox update blocks up IDN security hole

News

Firefox update blocks up IDN security hole

Antony Savvas

The Mozilla Foundation, the not-for-profit promoter of open source, has updated its Firefox browser to block a number of reported vulnerabilities.

The update deals with a recently reported vulnerability common to a number of browsers that support the Internationalised Domain Names (IDN) standard, which handles special character sets in domain names.

IDN allows companies to register domain names that appear to be the same in different languages. But this encoding scheme can allow an attacker to create a fake website for a phishing scam.

A spoofed link can appear to be a legitimate URL in the address bar of affected browsers, but instead of taking the victim to the trusted site, the link leads to a phishing website that will try and glean personal details from the user.

The new Firefox 1.0.1 blocks this vulnerability by showing users that they have been transferred to a different domain and are not on the same trusted site.

Microsoft’s Internet Explorer is not affected by the vulnerability as it does not support IDN.

Mozilla says there have been 27 million downloads of Firefox since it was launched last year. Version 1.0.1 is available from www.mozilla.org.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy