IDN Spoofing Fix for Firefox

Much noise was made when the Shmoo group pointed out an obvious flaw (obvious, as in the designers knew all along) in the Internationalized Domain Name system. The long and short of it is that there are characters in other alphabets that look just like letters in our latin alphabet, and you can use these to visually spoof domain names to users, and pretend for instance to be paypal.com. There were a number of suggestions to disable IDN support in Firefox, but almost all of them were temporary fixes (due to bugs in Mozilla). This site has instructions to permanently prevent this from happening using the wonderful Adblock extension for Firefox.

10 thoughts on “IDN Spoofing Fix for Firefox

    1. I read that article, but I think it is mostly fingerpointing….

      Browser makers point to registrars, registrars claim they aren’t the alphabet police, standard makers point to browser makers….

  1. I rather liked the plugin that highlighted parts of words in different colors for different character sets. That seemed to allow for legitimate internationalization.

Leave a Reply