TechTarget

Firefox update blocks up IDN security hole

The Mozilla Foundation, the not-for-profit promoter of open source, has updated its Firefox browser to block a number of reported...

The Mozilla Foundation, the not-for-profit promoter of open source, has updated its Firefox browser to block a...

number of reported vulnerabilities.

The update deals with a recently reported vulnerability common to a number of browsers that support the Internationalised Domain Names (IDN) standard, which handles special character sets in domain names.

IDN allows companies to register domain names that appear to be the same in different languages. But this encoding scheme can allow an attacker to create a fake website for a phishing scam.

A spoofed link can appear to be a legitimate URL in the address bar of affected browsers, but instead of taking the victim to the trusted site, the link leads to a phishing website that will try and glean personal details from the user.

The new Firefox 1.0.1 blocks this vulnerability by showing users that they have been transferred to a different domain and are not on the same trusted site.

Microsoft’s Internet Explorer is not affected by the vulnerability as it does not support IDN.

Mozilla says there have been 27 million downloads of Firefox since it was launched last year. Version 1.0.1 is available from www.mozilla.org.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close