Technical Description

A new vulnerability was reported in several web browsers, which may be exploited by attackers to conduct phishing/spoofing attacks and display fake domain names. The problem resides in the IDN (International Domain Name) implementation and occurs when handling malformed URLs containing specially crafted characters, which may be exploited to spoof SSL certificates and the URL displayed in the address/status bar.

Example :
The URL https://www.pаypal.com will display https://www.paypal.com (and points to https://www.xn--pypal-4ve.com)

Affected Products

Mozilla 1.7.5 and earlier
Firefox 1.0 and earlier
Opera version 7.54u2 and earlier
Safari version 1.2.4 (v125.1) and earlier
OmniWeb version 5.1 and earlier
Konqueror version 3.2.2 and earlier

Solution

Firefox 1.0.1 - http://www.mozilla.org/products/firefox/all.html
Opera 8.0b2 - http://www.opera.com/download/?ver=8.0b2
Safari - http://docs.info.apple.com/article.html?artnum=301116

References

http://www.vupen.com/english/advisories/2005/0112
http://www.shmoo.com/idn/homograph.txt

Credits

Vulnerability reported by Eric Johanson

ChangeLog

2005-02-07 : Initial release
2005-02-09 : Updated CVE
2005-02-25 : Firefox Patch
2005-02-28 : Opera Patch
2005-03-22 : Safari Patch

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.