Google
 
Web crispy23.blogspot.com

Saturday, February 26, 2005

Important Firefox Update

A friend of mine that I work with wrote this up yesterday afternoon:
The Mozilla Foundation released on Thursday an update to the Firefox Web browser to fix several vulnerabilities, including one that would allow domain spoofing.

The open-source project released Firefox 1.0.1 to fix, among other bugs, a vulnerability in the Internationalized Domain Names (IDN), a standard for handling special character sets in domain names that lets companies register domain names that appear to be the same in different languages. The IDN vulnerability allowed an attacker to create a fake Web site on a
non-Microsoft browser in order to pull off a phishing scam. A spoofed link would seem to be a legitimate URL in the address bar of affected browsers. But instead of taking the victim to the trusted site, the link would lead to a phony Web site with a domain rendered as the same address under the IDN process.
 A special thanks to "Gumby@FA" for this overview. The update can be found here.

Crispy