Re: Apple Safari: idn urlbar spoofing

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: Apple Safari: idn urlbar spoofing
From: Robert Swiecki <jagger@xxxxxxxxxxx>
Date: Wed, 27 Jun 2007 11:27:40 +0200
In-reply-to: <Pine.LNX.4.58.0706252317590.795@dione>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <466FC842.1070404@xxxxxxxxxxx> <4671CFDB.50707@xxxxxxxxxxx> <4680268F.9060502@xxxxxxxxxxx> <0273B67044957C41BD71D12EBA2E00AE1A1CD3@xxxxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.58.0706252317590.795@dione>
User-agent: Thunderbird Mnenhy/0.7.5.0

Michal Zalewski wrote:

> Whether Safari devs are to blame here exclusively, I'm not sure - IDN
> concept is by itself pretty evil, and this can be viewed simply a clever
> take on homograph attacks.

I found out that firefox has a configuration property:
network.IDN.blacklist_chars. It includes the character used in the
demonstration (&#x3164; - HANGULL FILLER) and many more. So, the problem
seems to be known (at least in firefox).

-- 
Robert Swiecki
http://www.swiecki.net

References:
- Apple Safari: cookie stealing
  - From: Robert Swiecki
- Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing
  - From: Robert Swiecki
- Re: Apple Safari: idn urlbar spoofing
  - From: Robert Swiecki
- RE: [Full-disclosure] Apple Safari: idn urlbar spoofing
  - From: Larry Seltzer
- Re: [Full-disclosure] Apple Safari: idn urlbar spoofing
  - From: Michal Zalewski

Prev by Date: [ MDKSA-2007:136 ] - Updated evolution packages fix vulnerability
Next by Date: Openedge _mprosrv buffer overflow
Previous by thread: Re: [Full-disclosure] Apple Safari: idn urlbar spoofing
Next by thread: iDefense Security Advisory 06.13.07: Multiple Vendor libexif Integer Overflow Heap Corruption Vulnerability
Index(es):
- Date
- Thread