Bug#294270: IDN support allows domain spoofing

Joey Hess Joey Hess <joeyh@debian.org>, 294270@bugs.debian.org
Tue, 8 Feb 2005 16:04:23 -0500


--qDbXVdCdHGoSgWSk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: epiphany-browser
Severity: normal
Tags: security

Epiphany and other browsers which support IDN are vulnerable to domain
spoofing via homograph characters in domain names. Please see
http://lists.netsys.com/pipermail/full-disclosure/2005-February/031459.html
for details, and note that this is CAN-2005-0238.

This bug is filed upstream:
https://bugzilla.mozilla.org/show_bug.cgi?id=3D281381

Note: I have not marked this bug as releae critical, because it's not
clear to me if spoofing attacks qualify.

--=20
see shy jo

--qDbXVdCdHGoSgWSk
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCCSlXd8HHehbQuO8RAt+0AJ41BXAciikgkAH0tgHfBBc1fVhxzwCfTIxc
0nPX87lW2KAWyH59G9MLWr0=
=v/jP
-----END PGP SIGNATURE-----

--qDbXVdCdHGoSgWSk--