
Mozilla Implements TLD Whitelist for Firefox in Response to IDN Homographs Spoofing

Mozilla Foundation has announced changes to Firefox concerning Internationalized Domain Names (IDN) to deal with homograph spoofing attacks. According to the organization, "Mozilla Foundation products now only display IDNs in a whitelist of TLDs, which have policies stating what characters are permitted, and procedures for making sure that no homographic domains are registered to two different entities."

Following is a statement explaining the current status of the Mozilla changes to Firefox regarding IDN:

"We have implemented a TLD whitelist system, which currently contains 21 TLDs for which we correctly display IDN domain names in the UI. Any IDN domain name in a non-whitelisted TLD displays as punycode. This is a security feature and so there is no user interface for adding or removing TLDs.

Any registry which wishes to be added to the whitelist should follow the instructions on that page. In terms of what constitutes a homograph, we are being guided by the Unicode Consortium's confusables list and by common sense. Our policy in this area is still somewhat in flux - in particular, we are not yet sure whether we should require that registries consider two characters which differ only in accent (sometimes by the shade of a single pixel at normal font sizes) as homographic. In the meantime, we strongly advise that registries do this.

We have implemented a character blacklist, which will soon contain 'DIVISION SLASH' (U+2215) and 'FRACTION SLASH' (U+2044). After that, we may extend it to forbid more characters which may be used to spoof URL punctuation. This is not meant to prejudice the outcome of the current IAB-IDN discussions on potentially reducing the number of characters permitted in IDN, but we feel the danger posed by the use of such characters in 3rd and 4th level domains is great enough to require an immediate ban. Any domain name which contains one or more of these characters displays as punycode."

As a temporary response, Mozilla Foundation first considered disabling IDN support but later reconsidered and decided instead to display IDNs in Punycode, an ASCII representation of Unicode.
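The display rule in the statement above can be sketched as a small decision function. This is an added illustration, not Mozilla's code: the function names are hypothetical, and the whitelist uses the reserved TLD `test` as a constructed stand-in because the actual 21-entry list is not given here.

```python
# Added illustration of the display policy described in the statement; not Mozilla's code.
# CONSTRUCTED sample whitelist (reserved TLD); the real list is not reproduced on this page.
SAMPLE_WHITELIST = frozenset({"test"})
# The two characters the statement names for the character blacklist.
CHAR_BLACKLIST = frozenset({"\u2215", "\u2044"})  # DIVISION SLASH, FRACTION SLASH
ACE_PREFIX = "xn--"


def label_to_ascii(label):
    """Return the punycode (ACE) form of one label; ASCII labels pass through."""
    label = label.lower()
    if label.isascii():
        return label
    return ACE_PREFIX + label.encode("punycode").decode("ascii")


def label_to_unicode(label):
    """Decode an xn-- label; keep it as-is if it is not valid punycode."""
    if not label.startswith(ACE_PREFIX):
        return label
    try:
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    except UnicodeError:
        return label


def display_form(hostname, whitelist=SAMPLE_WHITELIST, blacklist=CHAR_BLACKLIST):
    """Return the string a UI following this policy would show for hostname."""
    labels = hostname.rstrip(".").split(".")
    ascii_labels = [label_to_ascii(l) for l in labels]
    unicode_labels = [label_to_unicode(l) for l in ascii_labels]
    ascii_name = ".".join(ascii_labels)
    unicode_name = ".".join(unicode_labels)
    if ascii_name == unicode_name:
        return ascii_name  # not an IDN, nothing to decide
    if ascii_labels[-1] not in whitelist:
        return ascii_name  # TLD not whitelisted: show punycode
    if any(ch in blacklist for ch in unicode_name):
        return ascii_name  # blacklisted character in any label: show punycode
    return unicode_name


if __name__ == "__main__":
    # Constructed sample hostnames.
    for name in ["bücher.test", "bücher.invalid", "a\u2044b.bücher.test"]:
        print(repr(name), "->", display_form(name))
```

The blacklist check runs over every label, so a slash lookalike in a 3rd or 4th level label forces the whole name into punycode even under a whitelisted TLD.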

By CircleID Reporter


Comments

Re: Mozilla Implements TLD Whitelist for Firefox in Response to IDN Homographs Spoofing Nathan Braun  –  Jan 23, 2006 12:55 PM PDT

Why doesn't Mozilla make a Firefox extension to browse non-ICANN TLDs?
