The way browsers display Punycode (support for foreign characters) has been a potential for abuse since it was implemented. However as Phishing attacks increase, the use of Punycode as a way to fool users has surfaced.
Punycode allows someone to register domain with foreign characters that will be displayed using only ASCII characters. For example, this page
![daea1fdcd6a324778f3274a64b6dfc24e6073874067835efefe5e26870baa383.png]()
is actually
![a502b06561524ec740ec6e8cb11fbd931f6fb219f42a0be6de275f97d44a514a.png]()
(check out the demo web page)
The workaround is to make FireFox & TenFoxFour display Punycode instead of using only ASCII characters. Here are the needed steps to make the change:
Punycode allows someone to register domain with foreign characters that will be displayed using only ASCII characters. For example, this page
is actually
(check out the demo web page)
The workaround is to make FireFox & TenFoxFour display Punycode instead of using only ASCII characters. Here are the needed steps to make the change:
- Type about:config in address bar and press enter.
- Type Punycode in the search bar.
- Browser settings will show parameter titled: network.IDN_show_punycode, double-click or right-click and select Toggle to change the value from false to True.
