Subject: mozilla/firefox address spoof
To: None <tech-security@netbsd.org>
From: Wolfgang S. Rupprecht <wolfgang+gnus20050215T141904@dailyplanet.dontspam.wsrcc.com>
List: tech-security
Date: 02/15/2005 14:30:08
It sounds like the address spoofing can be prevented by turning off
the IDN logic.  

* in the URL window type:  about:config
* in the new "Filter window" type: network.enableIDN
* in the main window click on the above variable
* in the main window, use the button-3 pull-down, select "toggle" 
     the value should turn from true to false.

Exit mozilla to write out the new prefs.js file.  (If mozilla crashes
before doing a graceful exit the changes won't be saved.)

Someone that understands the mozilla source tree might want to hunt
down this variable there and patch the defaults at the source.

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/
     Hate software patents?  Sign here: http://thankpoland.info/