Firefox: IDN Punycode Exploitation - here's how to fix it

humptydumpty

https://arstechnica.com/gadgets/2021/07/with-help-from-google-impersonated-brave-com-website-pushes-malware/

TL;DR - Brave.com got spoofed and pushed malware through downloads using IDN Punycode exploitation.

Here is a demonstration (safe to click): https://www.аррӏе.com/

This issue affects Firefox only as it remains the only browser without a fix (by default).

---

Here's how to fix it:

In the Firefox address bar, type:

about:config

Find the following and toggle it to "TRUE"

network.IDN_show_punycode

You're done! You should be able to see the raw url now instead of the masked one in the address bar and also in the bottom left of the browser page while hovering on it.

Sources:

https://www.tenforums.com/tutorials/104760-enable-disable-idn-punycode-firefox-address-bar-windows.html

https://www.xudongz.com/blog/2017/idn-phishing/

---

@marcusquinn I think it was you who recommended Vivaldi on here so I had it replace Chrome for anything Google related. The cool thing is that the punycode site doesn't even load in Vivaldi! Thanks for the recommendation!

marcusquinn

@humptydumpty Good stuff, yeah Vivaldi remains my Chromium of choice