The Shmoo Group has discovered a homograph attack in a number of web browsers: http://www.shmoo.com/idn/ This issue allows an attacker supply a domain name that looks like a common name, but is an International Domain Name. This issue would allow various attacks to steal information from an unsuspecting vitim.
Affects: RHEL2.1 Affects: RHEL3 Affects: RHEL4 Upstream is tracking this issue here: https://bugzilla.mozilla.org/show_bug.cgi?id=281381
Chris, Per our conversation last week, do you have any ideas on how we plan to fix this? Upstream removed this functionality, but we don't want to do this.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-335.html
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-384.html