Bug#294270: IDN support allows domain spoofing
Joey Hess
Joey Hess <joeyh@debian.org>, 294270@bugs.debian.org
Tue, 8 Feb 2005 16:04:23 -0500
--qDbXVdCdHGoSgWSk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: epiphany-browser
Severity: normal
Tags: security
Epiphany and other browsers which support IDN are vulnerable to domain
spoofing via homograph characters in domain names. Please see
http://lists.netsys.com/pipermail/full-disclosure/2005-February/031459.html
for details, and note that this is CAN-2005-0238.
This bug is filed upstream:
https://bugzilla.mozilla.org/show_bug.cgi?id=3D281381
Note: I have not marked this bug as releae critical, because it's not
clear to me if spoofing attacks qualify.
--=20
see shy jo
--qDbXVdCdHGoSgWSk
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCCSlXd8HHehbQuO8RAt+0AJ41BXAciikgkAH0tgHfBBc1fVhxzwCfTIxc
0nPX87lW2KAWyH59G9MLWr0=
=v/jP
-----END PGP SIGNATURE-----
--qDbXVdCdHGoSgWSk--