Firefox: IDN Punycode Exploitation - here's how to fix it
-
TL;DR - Brave.com got spoofed and pushed malware through downloads using IDN Punycode exploitation.
Here is a demonstration (safe to click): https://www.аррӏе.com/
This issue affects Firefox only as it remains the only browser without a fix (by default).
Here's how to fix it:
In the Firefox address bar, type:
about:configFind the following and toggle it to "TRUE"
network.IDN_show_punycodeYou're done! You should be able to see the raw url now instead of the masked one in the address bar and also in the bottom left of the browser page while hovering on it.
Sources:
https://www.xudongz.com/blog/2017/idn-phishing/
@marcusquinn I think it was you who recommended Vivaldi on here so I had it replace Chrome for anything Google related. The cool thing is that the punycode site doesn't even load in Vivaldi! Thanks for the recommendation!
-
TL;DR - Brave.com got spoofed and pushed malware through downloads using IDN Punycode exploitation.
Here is a demonstration (safe to click): https://www.аррӏе.com/
This issue affects Firefox only as it remains the only browser without a fix (by default).
Here's how to fix it:
In the Firefox address bar, type:
about:configFind the following and toggle it to "TRUE"
network.IDN_show_punycodeYou're done! You should be able to see the raw url now instead of the masked one in the address bar and also in the bottom left of the browser page while hovering on it.
Sources:
https://www.xudongz.com/blog/2017/idn-phishing/
@marcusquinn I think it was you who recommended Vivaldi on here so I had it replace Chrome for anything Google related. The cool thing is that the punycode site doesn't even load in Vivaldi! Thanks for the recommendation!
@humptydumpty Good stuff, yeah Vivaldi remains my Chromium of choice
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login