Bug#860806: firefox-esr: network.enableIDN no longer has any effect, allowing easier phishing attacks
Sven Joachim
svenjoac at gmx.de
Thu Apr 20 12:27:34 UTC 2017
On 2017-04-20 14:00 +0200, Vincent Lefevre wrote:
> On 2017-04-20 13:10:16 +0200, Sven Joachim wrote:
>> On 2017-04-20 12:50 +0200, Vincent Lefevre wrote:
>> > I've had the network.enableIDN preference[1] set to false for many
>> > years (as shown in about:config) in order to avoid some phishing
>> > attacks (and I had always relied on it). I've just noticed that it
>> > no longer has any effect!
>>
>> You're rather late to discover this, the preference has been removed
>> in Firefox 22 four years ago[1].
>
> Not in Debian! I can still see the preference in about:config.
That's because you changed it.
> FYI, I set up this IDN config on 2005-02-08, and never touched it as
> I didn't see any announce (or error message in case the preference
> would be set in the user config, but removed).
Firefox does not usually remove entries from prefs.js either, nor does
it complain about unknown preferences (those might belong to
extensions).
Cheers,
Sven
More information about the pkg-mozilla-maintainers
mailing list