Gecko engine based browsers have spoofing flaw

By Derek Sooman on February 8, 2005, 4:05 PM
Just about every browser out there - and, funnily enough, NOT Internet explorer - seems to have a spoofing flaw. Apparently, itís been discovered that anything built on the Gecko engine will allow the spoofing of an URL in the address bar, SSL certificate and status bar. Firefox, Opera, Mozilla, Netscape, Camino, OmniWeb, Safari and Konqueror are all affected.

The flaw is due to an unintended result of the implementation of International Domain Names which permits the use of international characters in domain names.

According to Secunia, this could be exploited by registering domain names with certain international characters that resembled other commonly used characters, thereby causing the user to believe he or she was on a trusted site.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.