Closed Bug 293202 Opened 20 years ago Closed 20 years ago

displays unicode instead of punycode

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 264610

People

(Reporter: bb+bugzilla, Assigned: darin.moz)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050506 Firefox/1.0+ Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050506 Firefox/1.0+ For security reasons it's important to display punycode instead of unicode domains. But on some domains, Firefox shows unicode in the Location Bar instead of punycode. Unfortunately I only found 2 URLs where the bug seams to exist: http://öamtc.at and http://mühlheim.de I've successfully tested this Bug on following Firefoxes (and on everyone I was able to reproduce it): Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050506 Firefox/1.0+ Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050421 Firefox/1.0.3 (Debian package 1.0.3-2) Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 It seams, that Firefox only displays Unicode in the Location Bar. If you look at "View Page Info", punycode is being displayed. If this Bug appears also in Domains with a kyrillc a for example it could become a big security bug. Reproducible: Always Steps to Reproduce: 1.Go to about:config and make sure, that network.IDN_show_punycode is set to true 2.Enter http://öamtc.at or http://mühlheim.de in your Location Bar. 3.Look at your Location Bar Actual Results: Unicode is being display in the Location bar. Expected Results: Normally Unicode should be displayed.
Ugh. It seams that bugzilla is having problems with german umlauts. The URL is http://öamtc.at (maybe it's now working?) If it's not working try google for the keyword "oamtc" and take the IDN. (or if you have a german Keyboard just type the oe-umlaut)
Worksforme, trunk Linux build (my own build).
Assignee: nobody → darin
Component: Location Bar and Autocomplete → Networking
Product: Firefox → Core
QA Contact: location.bar → benc
Version: unspecified → Trunk
This is a domain-guessing issue. If you put your cursor in the url bar and hit ESC it will switch to the real URL loaded which is not <blah>.com but actually www.<punycode-blah>.com It's not an issue from clicked (or dragged) links it doesn't enable phishing. The scammer would have to get people to copy and paste the url to fool them, but that's pretty suspicious to start. *** This bug has been marked as a duplicate of 264610 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.