ff is not handling Look-Alike Domains properly
there is a known issue where scammers setup Look-Alike Domains so the URL appears like apple.com or your bank to deceive unsuspecting users ... see https://hackaday.com/2017/04/19/you-think-you-cant-be-phished/
I tested this on ff nightly and the Look-Alike hacked site just appeared as https://www.аррӏе.com/
ff has setting in about:config
network.IDN_show_punycode
which defaults to false ... when set to true above issue is resolved and browser properly shows actual underlying faked URL as https://www.xn--80ak6aa92e.com/ and not https://www.аррӏе.com/
Firefox should fix this default setting
there is a known issue where scammers setup Look-Alike Domains so the URL appears like apple.com or your bank to deceive unsuspecting users ... see https://hackaday.com/2017/04/19/you-think-you-cant-be-phished/
I tested this on ff nightly and the Look-Alike hacked site just appeared as https://www.аррӏе.com/
ff has setting in about:config
network.IDN_show_punycode
which defaults to false ... when set to true above issue is resolved and browser properly shows actual underlying faked URL as https://www.xn--80ak6aa92e.com/ and not https://www.аррӏе.com/
Firefox should fix this default setting
All Replies (1)
Please see bug 1332714. There's whole discussion about this issue.