The Register: Firefox Spoofing Flaw Goes International
Feb 08, 2005, 16:00 (9 Talkback[s])
(Other stories by John Leyden)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
"A security loophole in Mozilla and Firefox browser could be
used to spoof the URL displayed in the address bar, SSL certificate
and status bar. The vulnerability also affects Opera and Konqueror
and stems from a flawed IDN (International Domain Name)
implementation within the browsers.
"The bug could be exploited by registering domain names with
certain international characters--which look like other
commonly-used characters--in order to hoodwink users into believing
they on a different, trusted site..."