Mozilla and Firefox Disable IDN Support

MOUNTAIN VIEW, Calif. – The recently uncovered security threat from international domain names that has been demonstrated in vulnerable web browsers such as Opera and Firefox is creating a firestorm of activity among developers seeking to mitigate this exploit.

As previously reported by XBiz, the vulnerability is a variation of the "homograph attack" which targets weaknesses in the methods that certain web browsers interpret Unicode in order to display domain names using non-English characters, carried out in a way that exploits character resemblance. For instance, the number "0" and the letter "O" are similar enough to fool unwary users into believing that a fraudulent site is actually the website the surfer was trying to reach.

In response to this threat, Mozilla's developers have announced their intention to disable default support for Internationalized Domain Names (IDN) in future releases of the Mozilla and Firefox web browsers.

Opera, and the Mac Safari browser will remain vulnerable, however Microsoft's Internet Explorer web browser is unaffected by this exploit.

A simple solution to the vulnerability in Mozilla and Firefox is had by setting "network.enableIDN" to "false" within the browser's configuration panel, accessed by entering "about:config" in the browser's address bar. This will be the new default setting going forward, but users who require IDN support may use the same configuration process to enable it.

"This is obviously an unsatisfactory solution in the long term and it is hoped that a better fix can be developed in time for Firefox 1.1," read a statement on mozillaZine. "For now, the Mozilla Foundation (and other browser vendors such as Opera Software) maintain that the problem is mostly the fault of domain name registries and registrars that let people register homographic variants of existing domain names."

"There are now many ways to display any domain name on a browser, as there are a huge number of codepages / scripts which look very similar to Latin charsets," said an advisory from the The Shmoo Group, the organization which first demonstrated the exploit. "[For] a business trying to protect their identity, IDN makes their life very difficult. It is expected there will be many domain name related conflicts related to IDN."

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

JuicyAds Wins Trademark Infringement Case Against Fraudulent Domain

JuicyAds has won its World Intellectual Property Organization (WIPO) case against a website using a similar domain to impersonate the company's site and defraud customers.

Anissa Kate, Jordan Starr Top AEBN for Q2 of 2025

AEBN has published its top-selling stars for the second quarter of 2025, with Anissa Kate landing atop the leaderboard for straight theaters and Jordan Starr heading up the gay rankings.

AEBN Reveals Eva Maxim as Top Trans Star for Q2 of 2025

AEBN has published its top trans stars list for the second quarter of 2025, with Eva Maxim landing atop the leaderboard.

France Reinstates Age Verification Rule for EU Sites

France’s highest court, the Council of State, on Tuesday reinstated age verification rules for EU-based sites under the country’s Security and Regulation of the Digital Space (SREN) law, ruling in favor of the French government and against Hammy Media.

Whisper Fans Joins Pineapple Support as Supporter-Level Sponsor

Whisper Fans has joined the ranks of over 70 adult businesses and organizations committing funds and resources to Pineapple Support.

Utherverse Launches 'Red Light Center' Virtual World

Virtual reality and metaverse technology company Utherverse has launched its new virtual world, RedLightCenter.io.

European Commission Approves AV Guidelines, Unveils Prototype App

The European Commission on Monday released its final, approved guidelines for protecting minors online under the EU’s Digital Services Act (DSA) and made public a “white label” age verification app intended to help sites and platforms comply with age verification rules under the DSA.

New Membership Site 'Sluts Corner' Launches

R18 Entertainment has launched a new membership site, SlutsCorner.com.

Show More