Red Hat Bugzilla – Bug 147405
CAN-2005-0237 homograph spoofing
Last modified: 2007-11-30 17:07:16 EST
*** This bug has been split off bug 147397 ***
------- Original comment by Josh Bressers (Security Response Team) on 2005.02.07
The Shmoo Group has discovered a homograph attack in a number of web browsers:
This issue allows an attacker supply a domain name that looks like a common
name, but is an International Domain Name. This issue would allow various
attacks to steal information from an unsuspecting vitim.
Upstream is tracking this issue here:
it's now fixed in kdelibs-3.3.1-3.6. it's built in dist-4E-errata-candidate tree.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.