We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,145 News Articles

Firefox, Mozilla and Opera struck by spoofing flaw

Microsoft IE the only browser not affected

A dangerous spoofing security hole has been found in every browser on the market, with one very surprising exception.

Mozilla, Firefox, Safari, Opera and Netscape all suffer from the "moderately critical" vulnerability that allows the spoofing of address bar URLs and SSL certificates but, incredibly, Microsoft's Internet Explorer gets a clean bill of health.

Publicised by security company Secunia, the flaw affects the range of browsers using the open-source Geko browser kernel. Anyone using an affected browser would be able to visit spoofed websites without being aware of it, something that would aid any crime based on setting up bogus websites, such as phishing.

The flaw arises from the way the named browsers resolve web addresses that include international characters in International Domain Name (IDN) URLs. Russian researchers Evgeniy Gabrilovich and Alex Gontmakher first outlined the potential for such a spoofing issue in 2002, in what was then a theoretical paper, The Homograph Attack. Exploiting the hole could, they reasoned, allow them to register a "homographic" variant of www.microsoft.com that included Unicode/UTF-8-defined Russian characters similar to certain ASCII characters.

They speculated that some browsers would either resolve these characters in a garbled way or would, as has turned out to be the case, present them as if the registered domain was actually the real Microsoft.com. Users could also be fooled into believing the bogus site was protected by an SSL certificate when it wasn’t.

There is no patch for the vulnerabilityas yet, though users can at least test browsers for it on the Secunia website.


IDG UK Sites

OnePlus Two release date rumours: Something's happening on 22 July

IDG UK Sites

13in MacBook Air review, Apple's MacBook Air 2014 reviewed

IDG UK Sites

5 reasons to buy an electric car and 5 reasons not to

IDG UK Sites

Evernote Skitch: the best way for creatives to doodle feedback