    Cloudron Forum

    Firefox: IDN Punycode Exploitation - here's how to fix it

    • humptydumpty

      https://arstechnica.com/gadgets/2021/07/with-help-from-google-impersonated-brave-com-website-pushes-malware/

      TL;DR - Brave.com got spoofed and pushed malware through downloads using IDN Punycode exploitation.

      Here is a demonstration (safe to click): https://www.аррӏе.com/

      This issue affects Firefox only as it remains the only browser without a fix (by default).


      Here's how to fix it:

      In the Firefox address bar, type:

      about:config
      

      Find the following and toggle it to "TRUE"

      network.IDN_show_punycode
      

      You're done! You should be able to see the raw URL now instead of the masked one in the address bar, and also in the bottom left of the browser page while hovering over a link.

      Sources:

      https://www.tenforums.com/tutorials/104760-enable-disable-idn-punycode-firefox-address-bar-windows.html

      https://www.xudongz.com/blog/2017/idn-phishing/


      @marcusquinn I think it was you who recommended Vivaldi on here so I had it replace Chrome for anything Google related. The cool thing is that the punycode site doesn't even load in Vivaldi! Thanks for the recommendation!

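Added example, not part of the original post: a Python check that shows what the `network.IDN_show_punycode` toggle exposes, converting each hostname label to its `xn--` form and flagging labels that mix scripts or consist only of Latin lookalikes. The lookalike table is a hand-picked subset rather than the full Unicode confusables data, and the function names and sample URLs are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Hand-picked Cyrillic letters that render like Latin ones (illustrative subset,
# not the full Unicode confusables data).
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0455": "s",
    "\u0456": "i", "\u0458": "j", "\u04cf": "l",
}

def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch in "0123456789-":
        return None  # digits and hyphen are shared by every script
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def to_ace(label):
    """ASCII-compatible ("xn--") encoding of a single hostname label."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def inspect_url(url):
    """Return the punycode hostname plus a list of (label, finding) warnings."""
    host = urlsplit(url).hostname or ""  # .hostname is already lower-cased
    labels = host.split(".")
    findings = []
    for label in labels:
        if label.isascii():
            continue
        scripts = {script_of(ch) for ch in label} - {None}
        if len(scripts) > 1:
            findings.append((label, "mixed scripts: " + ", ".join(sorted(scripts))))
        # Replace known lookalikes with the ASCII letter they imitate.
        skeleton = "".join(ch if ch.isascii() else LOOKALIKES.get(ch, "?") for ch in label)
        if "?" not in skeleton:
            findings.append((label, "reads as ASCII '" + skeleton + "'"))
    return ".".join(to_ace(label) for label in labels), findings

if __name__ == "__main__":
    # Constructed samples: an all-Cyrillic label, a mixed-script label, a plain ASCII host.
    for sample in ("https://www.\u0430\u0440\u0440\u04cf\u0435.com/",
                   "https://ex\u0430mple.test/login",
                   "https://forum.example/"):
        print(inspect_url(sample))
```

The all-Cyrillic label passes a single-script check yet still reads as an ASCII word, which is why the lookalike test is reported separately from the mixed-script test.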
      • marcusquinn

        @humptydumpty Good stuff, yeah Vivaldi remains my Chromium of choice 👍

        We're not here for a long time - but we are here for a good time :)
        Jersey/UK
        Work & Ecommerce Advice: https://brandlight.org
        Personal & Software Tips: https://marcusquinn.com
