Eric Johanson has reported a security issue in multiple browsers, which can be exploited by a malicious web site to spoof the URL displayed in the address bar, SSL certificate, and status bar.

Please see the test below for an example of how this vulnerability can be exploited.

Click the link below in order to test whether or not your system is vulnerable. The test will open a new window, where the address bar writes "http://www.secunia.com/", but the page is actually displaying content from xn--secuni-8nf.com.

Test Your System
Test Now - Left Click On This Link


Result
You are vulnerable, if a new window is opened displaying the test page, but the address bar is displaying "http://www.secunia.com/" instead of xn--secuni-8nf.com.


Credits
Originally described by:
Evgeniy Gabrilovich and Alex Gontmakher

Reported by:
Eric Johanson

Please view the appropriate Secunia advisory for information about how you can fix or mitigate the impact of this vulnerability. The Secunia advisory will be updated when the vendor issue patches.

View the Secunia advisory regarding your browser:
- [SA14209] VeriSign i-Nav Plug-In
- [SA14166] OmniWeb
- [SA14154] Opera
- [SA14163] Mozilla / Firefox / Camino
- [SA14162] Konqueror
- [SA14165] Netscape
- [SA14164] Safari

In order to protect yourself, it is a very good idea to stay informed about the latest threats from vulnerabilities in the software you are using.

Secunia offers a free weekly newsletter, which covers the latest threats from vulnerabilities.

To sign-up for the Secunia Weekly Summary, please enter your email address in the field below and submit the form:

Email Address: