Skip to content
This repository was archived by the owner on Dec 11, 2019. It is now read-only.
This repository was archived by the owner on Dec 11, 2019. It is now read-only.

[hackerone] homepage homograph attack #11001

Closed
#11006
Closed
[hackerone] homepage homograph attack#11001
#11006
Assignees
diracdeltas
Labels
QA/checked-LinuxQA/checked-Win64QA/checked-macOSQA/test-plan-specifiedbugrelease-notes/includesec-lowsecurity
Milestone
0.19.x (Beta Channel)
@diracdeltas

Description

@diracdeltas
diracdeltas
opened on Sep 18, 2017

Test plan

#11006 (comment)

from https://hackerone.com/bugs?report_id=268984&subject=brave:

Steps To Reproduce:

In browser add homepage with IDN @ebаy.com/ or just ebаy.com/
now close and open browser again
click the homepage button. you can see it's redirect to http://xn--eby-7cd.com/

expected result: in the 'home button' field in about:preferences, it should show '@xn--eby-7cd.com/' instead of '@ebаy.com/'

video https://www.youtube.com/watch?v=UgN-XJew9Es&feature=youtu.be

Metadata

Metadata

Assignees

Labels

QA/checked-LinuxQA/checked-Win64QA/checked-macOSQA/test-plan-specifiedbugrelease-notes/includesec-lowsecurity

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions