Firefox, Mozilla and Opera struck by spoofing flaw

Microsoft IE the only browser not affected

A dangerous spoofing security hole has been found in every browser on the market, with one very surprising exception.

Mozilla, Firefox, Safari, Opera and Netscape all suffer from the "moderately critical" vulnerability that allows the spoofing of address bar URLs and SSL certificates but, incredibly, Microsoft's Internet Explorer gets a clean bill of health.

Publicised by security company Secunia, the flaw affects the range of browsers using the open-source Gecko browser kernel. Anyone using an affected browser could visit a spoofed website without being aware of it, something that would aid any crime based on setting up bogus websites, such as phishing.

The flaw arises from the way the named browsers resolve web addresses that include international characters in International Domain Name (IDN) URLs. Russian researchers Evgeniy Gabrilovich and Alex Gontmakher first outlined the potential for such a spoofing issue in 2002, in what was then a theoretical paper, The Homograph Attack. Exploiting the hole could, they reasoned, allow them to register a "homographic" variant of www.microsoft.com that included Unicode/UTF-8-defined Russian characters similar to certain ASCII characters.

They speculated that some browsers would either resolve these characters in a garbled way or would, as has turned out to be the case, present them as if the registered domain was actually the real Microsoft.com. Users could also be fooled into believing the bogus site was protected by an SSL certificate when it wasn’t.

There is no patch for the vulnerability as yet, though users can at least test browsers for it on the Secunia website.
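As an added illustration (not code from Secunia, the researchers or any browser vendor), the Python sketch below shows how a defender can spot the homograph substitution described above: it reports the scripts used in each hostname label and falls back to the ASCII "xn--" form actually registered in DNS when a label mixes scripts. The function names, the name-based script heuristic and the sample hostname are assumptions made for this example.

```python
import unicodedata

def script_of(ch):
    """Coarse script tag from the Unicode character name (a heuristic)."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits, hyphen
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"

def inspect_host(host):
    """Per-label report: scripts used, ACE (xn--) form, mixed-script flag."""
    report = []
    for label in host.split("."):
        scripts = sorted({script_of(c) for c in label} - {"COMMON"})
        report.append({
            "label": label,
            # Python's built-in IDNA codec gives the form registered in DNS.
            "ace": label.encode("idna").decode("ascii"),
            "scripts": scripts,
            "mixed_script": len(scripts) > 1,
        })
    return report

def display_form(host):
    """What a cautious address bar would show: mixed-script labels
    fall back to their ACE form instead of the look-alike glyphs."""
    return ".".join(f["ace"] if f["mixed_script"] else f["label"]
                    for f in inspect_host(host))

# Constructed sample: Cyrillic U+043E replaces both Latin "o" characters.
SPOOF = "www.micr\u043es\u043eft.com"

if __name__ == "__main__":
    for finding in inspect_host(SPOOF):
        print(finding)
    print(display_form(SPOOF))
```

A label written entirely in one non-Latin script is not flagged by this check, so it covers only the mixed-script case the article describes.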

