Discussion in 'Windows Desktop Systems' started by NetRyder, Feb 7, 2005.
From the front-page:
Re: Mozilla/Firefox users: Disable IDN support
Update: Several users are now reporting that the fix does not necessarily work:
I tried setting the network.enableIDN flag to false, then visited the proof of concept page and I got an error when I tried to visit the fake Paypal link. All good. Then I restarted Firefox, tried again and the spoof still works. :s
Edit: Confirmed. It's a single session fix. As soon as you close and restart the browser, the fix no longer works. Hopefully the Mozilla/Firefox folks release an official patch soon.
Alright, here's a temporary fix that actually works:
Works perfectly. BTW, I didn't delete the lines, I just commented them out with a #.
ok, so for the fix to work its suppose to say not found when clicking on a spoof link?
I used http://www.shmoo.com/idn/ to test. And uncommented results in meeow and commented results in site not found.
thats annoying, I hope apple get on to this soon
What does disabling IDN do to your connection? (I'm not tops w/ networking)
Must re-edit when new plugin/extension is installed
I just make a shortcut to the file and open in notepad - use "replace" (or "find") function. I just replace "IDN" with "#" - it works.
Or you can use Proximitron:
Ooh-err. Not good.
What is proximitron?
p.s. Fix for Safari users: http://forum.osnn.net/showthread.php?t=55474
Ya I found that after I posted. Thank you anyways SPeedY_B
Great. So we have temporary fixes for Mozilla/Firefox and Safari.
*Wonders what the Opera folks are going to do*
Thanks Serlio, looks interesting.
**edit - wonderful. you can still visit site but are warned (Japanese sites - or sites that use IDN characters work - instead of disabling IDN altogether)
Awesome! That's a much better fix. Where did you find it, lynch?
Thanks Lynch thats one I can understand :laugh:
Where find? I live in Firefox world since Oct. 2002 - creating themes - so my finger is always on it's pulse.
Although I do not like to have another toolbar added to my browser some may want the updated spoofstick: http://www.jarnot.com/mt/archives/2005/02/firefox_spoof_s.php
The Mozilla Foundation has posted an official response pertaining to this issue.
I can't say I'm too pleased with the announcement. The fix lynchknot posted earlier in the thread seems like a better alternative to disabling IDN support completely.
adding the fix as we speak.