Awful. 3 years unfixed Mozilla
@firefox #security issue. And
@mozilla refuses to fix it. Tor Browser also affected.
https://www.xn--80ak6aa92e.com/ shows up as
Note: there is nothing apple specific about this issue. Apple was just used as an example by the security researcher. Responsible for this issue is Firefox.
I can’t even find Mozilla’s rationale for being adamant about this. 3 years ago they wrote:
We now have an FAQ which makes our position clear:
IDN Display Algorithm FAQ - MozillaWiki
Nowadays this wiki page is empty (links to another empty wiki page).
Any reason why it is not enabled by default in Firefox? Any reason against enabling it?
Workaround: got to
about:config in Firefox URL bar, search for
network.IDN_show_punycode and double click to change its setting from
- Tor Browser bug report: Use sane about:config value: network.IDN_show_punycode = true (#27887) · Issues · Legacy / Trac · GitLab
Weird this hasn’t been enabled yet.