Bug#860806: firefox-esr: network.enableIDN no longer has any effect, allowing easier phishing attacks
Vincent Lefevre
vincent at vinc17.net
Thu Apr 20 13:44:56 UTC 2017
On 2017-04-20 14:27:34 +0200, Sven Joachim wrote:
> On 2017-04-20 14:00 +0200, Vincent Lefevre wrote:
> > On 2017-04-20 13:10:16 +0200, Sven Joachim wrote:
> >> On 2017-04-20 12:50 +0200, Vincent Lefevre wrote:
> >> > I've had the network.enableIDN preference[1] set to false for many
> >> > years (as shown in about:config) in order to avoid some phishing
> >> > attacks (and I had always relied on it). I've just noticed that it
> >> > no longer has any effect!
> >>
> >> You're rather late to discover this, the preference has been removed
> >> in Firefox 22 four years ago[1].
> >
> > Not in Debian! I can still see the preference in about:config.
>
> That's because you changed it.
>
> > FYI, I set up this IDN config on 2005-02-08, and never touched it as
> > I didn't see any announce (or error message in case the preference
> > would be set in the user config, but removed).
>
> Firefox does not usually remove entries from prefs.js either,
That would be a bad idea.
> nor does it complain about unknown preferences (those might belong
> to extensions).
This is a bit different here since the preference was known in past
versions. So, I've reported the following bug upstream:
https://bugzilla.mozilla.org/show_bug.cgi?id=1358122
Note that a solution on upstream's side is not the only way. I think
that the removal of network.enableIDN should have been announced in
a NEWS.Debian file.
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the pkg-mozilla-maintainers
mailing list