Bug#860806: firefox-esr: network.enableIDN no longer has any effect, allowing easier phishing attacks

Vincent Lefevre vincent at vinc17.net
Thu Apr 20 12:00:54 UTC 2017


On 2017-04-20 13:10:16 +0200, Sven Joachim wrote:
> On 2017-04-20 12:50 +0200, Vincent Lefevre wrote:
> > I've had the network.enableIDN preference[1] set to false for many
> > years (as shown in about:config) in order to avoid some phishing
> > attacks (and I had always relied on it). I've just noticed that it
> > no longer has any effect!
> 
> You're rather late to discover this, the preference has been removed
> in Firefox 22 four years ago[1].

Not in Debian! I can still see the preference in about:config.

FYI, I set up this IDN config on 2005-02-08, and never touched it as
I didn't see any announce (or error message in case the preference
would be set in the user config, but removed).

-- 
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



More information about the pkg-mozilla-maintainers mailing list