


Cloudron Forum


Firefox: IDN Punycode Exploitation - here's how to fix it

  • humptydumpty wrote (#1):

    https://arstechnica.com/gadgets/2021/07/with-help-from-google-impersonated-brave-com-website-pushes-malware/

    TL;DR - Brave.com got spoofed and pushed malware through downloads using IDN Punycode exploitation.

    Here is a demonstration (safe to click): https://www.аррӏе.com/

    This issue affects Firefox only as it remains the only browser without a fix (by default).


    Here's how to fix it:

    In the Firefox address bar, type:

    about:config
    

    Find the following and toggle it to "TRUE"

    network.IDN_show_punycode
    

    You're done! You should be able to see the raw URL now instead of the masked one in the address bar and also in the bottom left of the browser page while hovering on it.

    Sources:

    https://www.tenforums.com/tutorials/104760-enable-disable-idn-punycode-firefox-address-bar-windows.html

    https://www.xudongz.com/blog/2017/idn-phishing/


    @marcusquinn I think it was you who recommended Vivaldi on here so I had it replace Chrome for anything Google-related. The cool thing is that the punycode site doesn't even load in Vivaldi! Thanks for the recommendation!

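A defender-side check for the spoofing technique described in the post above, as an added example that is not part of the original post: it converts a hostname to the punycode form that `network.IDN_show_punycode` makes visible, and flags labels that mix scripts or consist entirely of Cyrillic letters resembling Latin ones. The names `auditHostname`, `scriptsOf` and `LATIN_LOOKALIKE_CYRILLIC` are hypothetical, and the look-alike set is a small constructed subset, not the Unicode confusables table.

```javascript
// Added example (not from the original post). Constructed subset of Cyrillic
// letters that resemble Latin a c e o p x y s i j l d h q w; an assumption,
// not the full Unicode confusables table.
const LATIN_LOOKALIKE_CYRILLIC = new Set([
  ..."\u0430\u0441\u0435\u043e\u0440\u0445\u0443\u0455\u0456\u0458\u04cf\u0501\u04bb\u051b\u051d",
]);
const SCRIPTS = {
  Latin: /\p{Script=Latin}/u,
  Cyrillic: /\p{Script=Cyrillic}/u,
  Greek: /\p{Script=Greek}/u,
};

// Scripts present in one label; digits and hyphens match none of these.
function scriptsOf(label) {
  const found = new Set();
  for (const ch of label) {
    for (const [name, re] of Object.entries(SCRIPTS)) {
      if (re.test(ch)) found.add(name);
    }
  }
  return [...found].sort();
}

function auditHostname(host) {
  // WHATWG URL parsing applies IDNA, so .hostname is the xn-- form.
  const ascii = new URL(`https://${host}/`).hostname;
  const asciiLabels = ascii.split(".");
  const labels = host.toLowerCase().split(".").map((label, i) => {
    const scripts = scriptsOf(label);
    const wholeScriptLookalike =
      scripts.length === 1 && scripts[0] === "Cyrillic" &&
      [...label].every((ch) => LATIN_LOOKALIKE_CYRILLIC.has(ch) || /[0-9-]/.test(ch));
    return { label, ascii: asciiLabels[i], scripts, mixed: scripts.length > 1, wholeScriptLookalike };
  });
  const suspicious = labels.some((l) => l.mixed || l.wholeScriptLookalike);
  return { ascii, labels, suspicious };
}

// Constructed sample hostnames; the first mirrors the post's demonstration link.
const SAMPLES = [
  "www.\u0430\u0440\u0440\u04cf\u0435.com", // all Cyrillic, renders like "apple"
  "www.apple.com",                           // plain ASCII
  "p\u0430ypal.example",                     // Latin with one Cyrillic letter
  "\u043f\u0440\u0438\u043c\u0435\u0440.example", // ordinary Cyrillic word
];
for (const host of SAMPLES) {
  const r = auditHostname(host);
  console.log(`${r.suspicious ? "FLAG" : "ok  "} ${r.ascii}`);
}
```

The ordinary Cyrillic word passes because it contains letters outside the look-alike set, which is the distinction a single-script display rule alone does not make.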
  • marcusquinn replied to humptydumpty (#2):

    @humptydumpty Good stuff, yeah Vivaldi remains my Chromium of choice 👍

    We're not here for a long time - but we are here for a good time :)
    Jersey/UK
    Work & Ecommerce Advice: https://brandlight.org
    Personal & Software Tips: https://marcusquinn.com
