Those of you who read the blogmarks (over there ————> ) may have noticed some recent press about a ‘Firefox Exploit’ (which is neither a Firefox problem, nor an exploit - see workaround details here among other places).
A few thoughts/points about this problem:
- The issues resolves around using non-ASCII characters in a domain name, thus allowing (for instance) the Nordic countries to use their funny extra letters in domain names.
- For the first time ever that I can recall, IE isn’t affected by this issue. Why? Because they don’t support the new technology. Although you can get a plugin to add in, thus making them vulnerable.
- _Any_ browser that supports IDN is affected, including Firefox, Mozilla, Safari, Opera, as well as others.
- Operasoft have said that there is nothing wrong with their implementation, and so won’t be performing a ‘fix’.
And here’s my suggestion for a possible workaround - in a similar way that they do for https browsers should change the background colour of the addressbar for URLs that contain non-ASCII characters. While this may not be all-encompassing, it would seem to be a simple and effective way for this to be highlighted to the user. Perhaps there should also be a pop-up that is cancellable (’do not warn me about this again’) for those who are using these on a regular basis.
Just my £0.02
mrBen
