From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0 Description of problem: When network.enableIDN is set to false in about:config, IDN lookups will initially fail. When Firefox is stopped and restarted, however, they will work again, even though the network.enableIDN is still set to false. See http://www.shmoo.com/idn/ for an example of how this can be used for phishing. Version-Release number of selected component (if applicable): firefox-1.0-2.fc3 How reproducible: Always Steps to Reproduce: 1. Start Mozilla Firefox. 2. Type "about:config" into the URL bar. 3. Set network.enableIDN to false. 4. Visit http://www.shmoo.com/idn/ and click on one of the links; lookup will fail (properly). 5. Close Firefox & restart. 6. Type "about:config" into URL bar; confirm that network.enableIDN is still set to false. 7. Visit http://www.shmoo.com/idn/ and click on one of the link; lookup will succeed. Actual Results: IDN lookup succeeds, even though network.enableIDN is set to false. Expected Results: IDN lookup should fail. Additional info:
This also happens with firefox-1.0-8 from development.
Appears to be fixed in 1.0.1-1.3.1.
Will there be an errata announcement for the 1.0.1-1.3.1 update?
I mailed on Saturday. Whenever someone approves it, yes.
https://www.redhat.com/archives/fedora-announce-list/2005-February/msg00068.html
*** Bug 143314 has been marked as a duplicate of this bug. ***