Eric Johanson

**Name of the Vulnerable Software and Affected Versions** Firefox version 1.0 Camino version .8.5 Mozilla versions prior to 1.7.6 **Description** The issue allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates. This is done by utilizing homograph characters from other character sets, which can facilitate phishing attacks. **Recommendations** For Firefox version 1.0, update to a version that includes the fix for this issue. For Camino version .8.5, update to a version that includes the fix for this issue. For Mozilla versions prior to 1.7.6, update to version 1.7.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Safari version 1.2.5 **Description** The issue allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates. This is done in a way that uses homograph characters from other character sets, which facilitates phishing attacks. **Recommendations** For Safari version 1.2.5, consider disabling the International Domain Name (IDN) support as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Opera version 7.54 **Description** The issue allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates. This is done in a way that uses homograph characters from other character sets, which facilitates phishing attacks. **Recommendations** For Opera version 7.54, consider disabling the International Domain Name (IDN) support as a temporary workaround until a patch is available. Restrict access to punycode encoded domain names to minimize the risk of exploitation. Avoid using homograph characters from other character sets in URLs and SSL certificates until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Omniweb version 5 **Description** The issue concerns the International Domain Name (IDN) support, which allows remote attackers to spoof domain names. This is achieved by using punycode encoded domain names that are decoded in URLs and SSL certificates, leveraging homograph characters from other character sets. This facilitates phishing attacks. **Recommendations** For Omniweb version 5, consider disabling the IDN support as a temporary workaround until a patch is available. Restrict access to URLs and SSL certificates that use punycode encoded domain names to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Konqueror version 3.2.1 **Description** The issue allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates. This is done by utilizing homograph characters from other character sets, which can facilitate phishing attacks. **Recommendations** For Konqueror version 3.2.1, consider disabling the International Domain Name (IDN) support as a temporary workaround until a patch is available. Restrict access to potentially malicious URLs to minimize the risk of exploitation.