Tuesday, February 15, 2005

Mozilla Blames ICANN Registries and Registrars

From their website:

Last week, we reported that Mozilla is vulnerable to a homograph spoofing attack using international domain names (IDNs). Today, Gervase Markham, acting on behalf of staff@mozilla.org and drivers@mozilla.org, announced the Mozilla Foundation's short-term response. In the forthcoming Mozilla Firefox 1.0.1 and Mozilla 1.8 Beta releases, IDN support will be disabled (bug 282270). For those users that need it, an XPI will be released to turn IDN support back on (bug 282269).

This is obviously an unsatisfactory solution in the long term and it is hoped that a better fix can be developed in time for Firefox 1.1. For now, the Mozilla Foundation (and other browser vendors such as Opera Software) maintain that the problem is mostly the fault of domain name registries and registrars that let people register homographic variants of existing domain names (the ICANN guidelines specifically warn against this).


Post a Comment

Links to this post:

Create a Link

<< Home