Quote:
|
Originally Posted by EyeForOne
The International Character exploits have long been fixed in Moz/FF , since it was first learned of - it was a swift, fast, small, and easy fix - unlike most ms fixes, that linger for years before they're attended to....but that doesn't mean those who are savvy, can't use IE reliably, nor should they change if they are happy with it. It's the NEW users that have no clue, that continue to allow the proliferation of nasties ...and NEW systems that should have alternative browser/s as a choice IMO, such as when Netscape 4.06 and IE4 were bundled together (but that's when the Java VM peaked as a real proprietary mess)
I wasn't going to post at all - but that Chinese "BIG5" Character Encoding was glaringly obvious, I thought I'd mention it.
|
If the exploit was fixed then the page would not display the Secunia site. All firefox has done is change the way the address bar displays the address. It displays it in Punycode which identifies the exploit, but the average user does not know this and would still respond to the displayed page.
Having the address bar display
http://www.xn--paypl-7ve.com/ instead of
http://www.paypal.com is not a fix as long as you are still taken to the same location. As long as the Secunia site is displayed the browser has been spoofed, regardless of what the address bar displays.
Punycode