
Mozilla Products: Homograph domain spoofing in .com, .net and .name - mfsa2013-61

ID: oval:org.secpod.oval:def:16324
Date: (C)2013-12-30   (M)2017-11-17
Class: PATCH
Family: macos




Security researcher 3ric Johanson reported in discussions with Richard Newman and Holt Sorenson that Verisign's prevention measures for homograph attacks using Internationalized Domain Names (IDN) were insufficiently rigorous, and this led to a limited possibility for domain spoofing in Firefox. IDN allows non-English speakers to use domains in their local language. Many supported characters are similar or identical to others in English, allowing for the potential spoofing of domain names and for phishing attacks when not blocked. In consultation with Verisign, Mozilla had added .com, .net, and .name top-level domains to its IDN whitelist, allowing for IDN use in those top-level domains without restrictions. However, it became clear that a number of historical dangerous registrations continued to be valid. This issue has been fixed by removing the .com, .net, and .name top-level domains from the IDN whitelist, and supplementing the whitelist implementation with technical restrictions against script-mixing in domain labels. These restrictions apply to all non-whitelisted top-level domains. More information on the exact algorithm used can be found here.

Platform:
Apple Mac OS X 10.8
Apple Mac OS X 10.9
Apple Mac OS X 10.10
Apple Mac OS X 10.11
Apple Mac OS X 10.12
Apple Mac OS X Server 10.8
Apple Mac OS X Server 10.9
Apple Mac OS X Server 10.10
Apple Mac OS X Server 10.11
Apple Mac OS X Server 10.12
Product:
Mozilla SeaMonkey
Mozilla Firefox
Reference:
MFSA 2013-61
CVE-2013-1699
CPE (8):
cpe:/a:mozilla:firefox:21.0
cpe:/a:mozilla:firefox:20.0
cpe:/a:mozilla:firefox:19.0.1
cpe:/a:mozilla:firefox:20.0.1
...

© 2013 SecPod Technologies