« Archiving digital media
Hello world! »

Firefox 1.0.1 shows punycode

Lamisil Tabletas Breast Feeding Zyrtec Brand Flomax Anxiety Risperdal Prednisone Hgh Investigators Brochure For Lexapro Clomid Pills For Sale Proscar Avodart Effexor Xr Arthralgia What Is The Drug Zocor For Giving Tylenol And Motrin To Toddler No Prescription Glucophage Find Search Viagra Generic Edinburgh Drug Interactions Between Zoloft And Topomax Prilosec Pneumonia Seroquel Withdrawals Weakness Hyzaar Back Pain Remeron Prescribing Information Claritin Hives Relief At Riteaid Breast Augmentation Checklist Fosamax History Glucophage Tablet Zithromax Reactions Akane Soma Video Rogaine Side Effects Women Forgot To Take My Premarin Retin-a Salicylic Acid Ashwagandha Articles Giving Clarinex To Dogs Cheap Breast Enhancement Products Maxalt And Long Term Use Mixing Herbs With Effexor Seroquel Roliga Avodart Results Cialis Overdose Contraindications And Information Tadalafil Accutane And Embryo Development Unusual Side Effects Lipitor Lisinopril Nnt Number Plavix Sex Tremors Withdrawl From Lexapro Benefits Of Premarin Premarin Vaginal Cream Applicator Gram Order Clomid How To Use Advair Diskus Sideaffects Of Zoloft Synthroid In Pregnancy Paypal Cialis Po Box Prevacid For Babies Lamictal And Passion Flower Price Quote For Viagra

Regarding the IDN exploit, Firefox has a security patch release that shows punycode in the status and location bars. It has a new config parameter network.IDN_show_punycode that is enabled by default.

To see the new behavior, I had to remove the unicode filter that I had in adblock (a persistent fix to the IDN problem); with the filter in place, any click on an IDN link would be ignored. I then had to re-enable the network.enableIDN parm, my original (and non-persistent, due to a firefox bug); with that set to false, I get this message from the handy test page for spoofed links:

http://sitefinder.verisign.com/lpc?url=www.theshmo%25D0%25BEgroup.com
&host=www.theshmo%25D0%25BEgroup.com

Network Error (dns_unresolved_hostname)
Your requested host “sitefinder.verisign.com” could not be resolved by DNS.
For assistance, contact your network support team.

Here again is a handy test page, where you can see punycode in both the mouse-over URL in the status bar, and in the location bar after going there.

(again via this article on the reg).

This entry was posted on Tuesday, March 1st, 2005 at 09:11 and is filed under internet/browsing. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply