Firefox update blocks up IDN security hole


Firefox update blocks up IDN security hole

Antony Savvas

The Mozilla Foundation, the not-for-profit promoter of open source, has updated its Firefox browser to block a number of reported vulnerabilities.

The update deals with a recently reported vulnerability common to a number of browsers that support the Internationalised Domain Names (IDN) standard, which handles special character sets in domain names.

IDN allows companies to register domain names that appear to be the same in different languages. But this encoding scheme can allow an attacker to create a fake website for a phishing scam.

A spoofed link can appear to be a legitimate URL in the address bar of affected browsers, but instead of taking the victim to the trusted site, the link leads to a phishing website that will try and glean personal details from the user.

The new Firefox 1.0.1 blocks this vulnerability by showing users that they have been transferred to a different domain and are not on the same trusted site.

Microsoft’s Internet Explorer is not affected by the vulnerability as it does not support IDN.

Mozilla says there have been 27 million downloads of Firefox since it was launched last year. Version 1.0.1 is available from

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy