HackerOne: homograph attack. IDNs displayed in unicode in bug reports and on external link warning page

the IDN: http://ebаy.com/ is a homograph for the latin ebay.com. if you click that first link, youm might think that you are going to ebay.com. in fact, you are going to a homograph url http://xn--eby-7cd.com/ more info http://www.chromium.org/developers/design-documents/idn-in-google-chrome more...

PHP IDNA Convert 0.8.0 Cross Site Scripting Vulnerability

Cross-site scripting XSS vulnerability in parameters encoded/decoded in the class PHP IDNA Convert allows remote attackers to inject arbitrary web script or HTML. PHP IDNA Convert Cross-site scripting XSS Vendor product description PHP NetIDNA is a class to convert between the Punycode and Unicod...

[IBliss Security Advisory] Cross-site scripting ( XSS ) in PHP IDNA Convert

PHP IDNA Convert Cross-site scripting XSS Vendor product description PHP NetIDNA is a class to convert between the Punycode and Unicode formats. Punycode is a standard described in RFC 3492 and part of IDNA Internationalizing Domain Names in Applications RFC3490 . This class allows PHP scripts to...

PHP IDNA Convert 0.8.0 Cross Site Scripting

PHP IDNA Convert Cross-site scripting XSS Vendor product description PHP NetIDNA is a class to convert between the Punycode and Unicode formats. Punycode is a standard described in RFC 3492 and part of IDNA Internationalizing Domain Names in Applications RFC3490 . This class allows PHP scripts to...

Certain characters may be used for domain name spoofing – Opera Security Advisories

Certain characters may be used for domain name spoofing – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Moderately severe Description Opera uses several approaches to prevent spoofing of internationalized domain names IDN with characters that look similar to each other. With...

Certain characters may be used for domain name spoofing

Opera uses several approaches to prevent spoofing of internationalized domain names IDN with characters that look similar to each other. With untrusted top-level domains, Opera prevents certain combinations of characters from being used in the same part of a domain name as each other, and should...

Mozilla Products IDN Spoofing (CVE-2005-0233)

The Internationalized Domain Names IDN standard defines specifications for the representation of domain names containing non-ASCII characters. The IDN standard has been developed to allow representation of Unicode domain names without depending on alterations to any network infrastructure...

CVE-2009-3049

Opera before 10.00 does not properly display all characters in Internationalized Domain Names IDN in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode...

Code injection

Opera before 10.00 does not properly display all characters in Internationalized Domain Names IDN in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode...

CVE-2009-3049

Opera before 10.00 has an IDN in the address bar display bug that can enable URL spoofing and phishing via Unicode/Punycode handling. The connected advisories/documentation confirm multiple CVEs (including CVE-2009-3049) tied to IDN spoofing vulnerabilities. Practical impact: remote attackers cou...

CVE-2009-3049

Opera before 10.00 does not properly display all characters in Internationalized Domain Names IDN in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode...

Opera may show some incorrect characters in the address bar

Some Unicode characters are treated incorrectly, which might cause international domain names that use them to be shown in the wrong format. Showing these addresses in Unicode instead of punycode could allow for limited address spoofing...

DEBIAN-CVE-2005-0238

The International Domain Name IDN support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks...

CVE-2005-0237

The International Domain Name IDN support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing...

CVE-2005-0237

The International Domain Name IDN support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing...

CVE-2005-0238

The International Domain Name IDN support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks...

CVE-2005-0235

The International Domain Name IDN support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks...

CVE-2005-0236

The International Domain Name IDN support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks...

CVE-2005-0234

The International Domain Name IDN support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks...

security flaw

The International Domain Name IDN support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing...