Mozilla Foundation Security Advisory 2009-15

2009-04-23T00:00:00
ID SECURITYVULNS:DOC:21730
Type securityvulns
Reporter Securityvulns
Modified 2009-04-23T00:00:00

Description

Title: URL spoofing with box drawing character
Impact: Low
Announced: April 21, 2009
Reporter: Moxie Marlinspike
Products: Firefox, Thunderbird, SeaMonkey

Fixed in:
* Firefox 3.0.9
* Thunderbird 2.0.0.21
* SeaMonkey 1.1.15

Description

Security researcher Moxie Marlinspike reported that Unicode box drawing characters were allowed in Internationalized Domain Names (IDN) where they could be visually confused with punctuation used in valid web addresses. This could be combined with a phishing-type scam to trick a victim into thinking they were on a different website than they actually were.

References

* https://bugzilla.mozilla.org/show_bug.cgi?id=479336
* CVE-2009-0652
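
A check for the condition described in this advisory, added here as an example (it is not Mozilla's fix and not code from the advisory): it decodes each label of a hostname, including xn-- Punycode labels, and reports any character from the Unicode Box Drawing block (U+2500 to U+257F). The function names and the sample hostnames are constructed for illustration.

```python
import unicodedata

# Unicode "Box Drawing" block: U+2500 through U+257F inclusive.
BOX_DRAWING = range(0x2500, 0x2580)


def decode_label(label):
    """Return the Unicode form of one DNS label.

    Labels in ASCII-compatible encoding (prefix "xn--") are Punycode-decoded;
    anything else, or a label that fails to decode, is returned unchanged.
    """
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            return label
    return label


def box_drawing_findings(hostname):
    """List (label, code point, character name) for every box drawing
    character found in the decoded labels of hostname."""
    findings = []
    for label in hostname.split("."):
        for ch in decode_label(label):
            if ord(ch) in BOX_DRAWING:
                name = unicodedata.name(ch, "UNKNOWN")
                findings.append((label, f"U+{ord(ch):04X}", name))
    return findings


if __name__ == "__main__":
    # Constructed samples: one plain hostname, one label containing a box
    # drawing character in Unicode form, and the same label in xn-- form.
    unicode_label = "a\u2571b"
    ace_label = "xn--" + unicode_label.encode("punycode").decode("ascii")
    for host in ("www.mozilla.org",
                 unicode_label + ".example",
                 ace_label + ".example"):
        hits = box_drawing_findings(host)
        print(ascii(host), "->", hits if hits else "no box drawing characters")
```

Running the check on the decoded form matters because a hostname seen in logs or on the wire is usually in its xn-- form, where the character is not visible.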