Bug#860806: firefox-esr: network.enableIDN no longer has any effect, allowing easier phishing attacks
Sven Joachim
svenjoac at gmx.de
Thu Apr 20 11:10:16 UTC 2017
Control: found -1 45.0esr-1
On 2017-04-20 12:50 +0200, Vincent Lefevre wrote:
> Package: firefox-esr
> Version: 45.9.0esr-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> I've had the network.enableIDN preference[1] set to false for many
> years (as shown in about:config) in order to avoid some phishing
> attacks (and I had always relied on it). I've just noticed that it
> no longer has any effect!
You're rather late to discover this, the preference has been removed
in Firefox 22 four years ago[1].
Cheers,
Sven
1. https://bugzilla.mozilla.org/show_bug.cgi?id=842282
More information about the pkg-mozilla-maintainers
mailing list