Serious Flaw in Firefox and Chrome Browsers!

1492
Moderator
I thought I'd pass along this potential vulnerability in Firefox and Chrome browsers, which is receiving increased attention in online security communities. It involves a Unicode phishing vulnerability, where clicking a link to what appears to be a legit URL can actually lead to a fake website.

In fact, if you are using the Firefox or Chrome browser right now, try clicking this link: https://www.xn--80ak6aa92e.com/
Look at your browser's URL address bar. Does it say https://apple.com? Obviously, this is not an Apple website. Notice how the browser also appears to indicate a valid site certificate (https://), further demonstrating how hackers could potentially clone Apple's site to make it look legit, leaving a door open to steal personal account info.

Now try clicking the link using the MS Internet Explorer (IE) browser. Notice that the URL address bar correctly indicates the site address as https://www.xn--80ak6aa92e.com/. IE is not affected by the Unicode vulnerability.

Until patches are available for both Firefox and Chrome browsers, it is advisable not to click links to websites in emails or other unfamiliar sources. Instead, type the website URL directly into the browser address bar, or use the IE browser in the interim.

For Firefox users who feel comfortable making browser config changes, you can adjust the following browser setting to temporarily mitigate the Unicode vulnerability:

  1. Type or copy and paste about:config in the URL address bar.
  2. Click the "I'll be careful, I promise!" button.
  3. Type or copy and paste network.IDN_show_punycode in Search bar.
  4. Double-click the line network.IDN_show_punycode until the Value column changes to true.
  5. Close the browser tab.

Now try clicking the fake URL link above once again as a test. It should now read https://www.xn--80ak6aa92e.com/.



For further reference, see:

This Phishing Attack is Almost Impossible to Detect...

Phishing with Unicode Domains
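The homograph check the post describes, written out as an added example (not the poster's code and not from any browser): it decodes the demo hostname's xn-- label the same way the network.IDN_show_punycode setting reveals it, records which Unicode scripts the displayed label uses, and flags a label whose look-alike letters fold to a watched brand name. CONFUSABLES, WATCHLIST and the function names are constructed for this example; the confusables map is a small hand-picked subset, not Unicode's full confusables table.

```python
import unicodedata

# Constructed subset of Unicode's confusables: Cyrillic look-alikes folded to Latin.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u04cf": "l", "\u0456": "i", "\u0458": "j",
}
# Constructed watch-list of brand labels worth protecting.
WATCHLIST = {"apple", "paypal", "google"}

def label_to_unicode(label):
    """A-label (xn--...) -> the text a browser would display (U-label)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def label_to_ascii(label):
    """U-label -> the xn-- form that DNS actually resolves."""
    if label.isascii():
        return label.lower()
    return "xn--" + label.lower().encode("punycode").decode("ascii")

def scripts(label):
    """Script names (LATIN, CYRILLIC, ...) of the letters in a label."""
    return {unicodedata.name(ch, "?").split(" ")[0] for ch in label if ch.isalpha()}

def skeleton(label):
    """Fold confusable characters so look-alike strings compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)

def analyze_host(host):
    """One finding per non-ASCII label of host; an empty list means nothing to flag."""
    findings = []
    for raw in host.split("."):
        label = label_to_unicode(raw)
        if label.isascii():
            continue  # a plain ASCII label cannot be a homograph
        found = {"label": label, "ascii": label_to_ascii(label),
                 "scripts": sorted(scripts(label))}
        if len(found["scripts"]) > 1:
            found["reason"] = "mixed-script label"
        elif skeleton(label) in WATCHLIST:
            found["reason"] = "homograph of " + skeleton(label)
        else:
            found["reason"] = "non-ASCII label"
        findings.append(found)
    return findings
```

Calling analyze_host("www.xn--80ak6aa92e.com") reports the middle label as "homograph of apple" with scripts ["CYRILLIC"], while analyze_host("www.apple.com") returns an empty list.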

fj12ryder
Explorer III
So this has been a known problem for 12 years?
Howard and Peggy

"Don't Panic"

1492
Moderator
If you want to see how far back this issue was brought to Mozilla's attention, do a search in Bugzilla. Found one from 12 years ago.

Chris_Bryant
Explorer
I'm incredibly annoyed that my Chromebook still has no update - not sure why - other Chromebooks have updated, and all the other boxes I have Chrome on are updated.
-- Chris Bryant

1492
Moderator
RPreeb wrote:
The link connection was blocked by my Webroot Security as a malicious link. Chrome user with Webroot Secure Anywhere.

As long as it blocks "Punycode", i.e. those URLs that begin with "http://xn--" or "https://xn--". Blocking the given URL in this thread is irrelevant, as it's a demo page and doesn't represent any type of threat in itself.

Try clicking other Punycode links to test whether Webroot blocks all those links.

RPreeb
Explorer
1492 wrote:
ktmrfs wrote:
Well, here is what Chrome says on my computer; it comes up with a very specific warning and won't take you to the site.

Hey there!

This may or may not be the site you are looking for! This site is obviously not affiliated with Apple, but rather a demonstration of a flaw in the way unicode domains are handled in browsers.

See what this is about

I don't think you understand the purpose of the link. It goes to a "test" website to demonstrate the vulnerability. This is not a Chrome or Firefox browser warning, or an AV security message. It is a static page specifically created to show you that this is not the apple.com website.

You're not supposed to be redirected or continue anywhere else. If this were a genuine hacker page, you would have already fallen for the trap. Instead, it's just a demonstration.

If you see https://www.apple.com in the address bar of either Chrome or Firefox, along with the message:

Then your browser is vulnerable to this flaw!


The link connection was blocked by my Webroot Security as a malicious link. Chrome user with Webroot Secure Anywhere.
Rick
2016 F-150 XLT 4x4 3.5 EB
2017 Jay Feather X213

1492
Moderator
You then open yourself to other exploitable vulnerabilities patched in later versions.

MrWizard
Moderator
I'm running Firefox 52 OSR.

Maybe I need to go back to 31? 🙂
I can explain it to you.
But I Can Not understand it for you !

....

Connected using T-Mobile Home internet and Visible Phone service
1997 F53 Bounder 36s

road-runner
Explorer III
My version 31 Firefox does not have the flaw. Maxthon 4.3.2.1000 does have it.
2009 Fleetwood Icon

Homeless_by_Cho
Explorer
garry1p wrote:
Lower left, using FF 53, shows the Apple site, but when I click on the link, Bitdefender calls it a phishing site and blocks it.

I guess FF 53 is not yet up to speed. Thanks for the info and fix.

I put the fix in immediately after this was called to our attention. Then my Firefox correctly showed the hidden website address in the lower left corner. Last night my Firefox was updated to 53.0. I previously read that 53.0 did not fix the problem. I suspected that the issue may have returned, so I checked and found that the update did not overwrite the fix. I am still OK until Firefox comes out with an update which addresses that phishing issue.

LeRoy
Homeless by Choice
FULL TIMER since 2012
2015 Chevy 3500, Duramax, 4X4, DRW, Crew cab, Long bed
2013 Northern Lite 8'11"Q Sportsman truck camper
2015 Polaris RZR Side by Side

garry1p
Explorer
Lower left, using FF 53, shows the Apple site, but when I click on the link, Bitdefender calls it a phishing site and blocks it.

I guess FF 53 is not yet up to speed. Thanks for the info and fix.
Garry1p

1990 Holiday Rambler Aluma Lite XL
454 on P-30 Chassis
1999 Jeep Cherokee sport

wa8yxm
Explorer III
The new Fox 53 is out, at least... Let me check. Yup, 53.0 installed this AM.
Home was where I park it. but alas the.
2005 Damon Intruder 377 Alas declared a total loss
after a semi "nicked" it. Still have the radios
Kenwood TS-2000, ICOM ID-5100, ID-51A+2, ID-880 REF030C most times

DiskDoctr
Explorer
Fizz wrote:
Go for it.
We all can use a good laugh.

...and THAT is how Richard Gill died 😛 LOL.

No sense goading someone into an argument, especially a new user to the site. :R

magicbus
Explorer
Not sure if it's related, but my FF just tried to update because I accidentally closed it, and I got a message that the patch could not be applied. I wonder if it isn't related to the fact that I "patched" it manually.

Dave
Current: 2018 Winnebago Era A
Previous: Selene 49 Trawler
Previous: Country Coach Allure 36

1492
Moderator
happycamper002 wrote:
I haven't got started yet if that's what you mean.

Not on this thread or in Technology Corner. Your previous post(s) had nothing to do with the subject at hand. Therefore, off topic.

You're also in the wrong forum. If you're having forum issues, post comments, or complain, whatever the case may be, in Forum Technical Support. Not here, as posts not related to the subject will be deleted.