Vulnerability CVE-2005-0233


Published: 2005-02-08   Modified: 2012-02-12

Description:
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Vendor: Opera software
Product: Opera web browser 
Version: 7.54;
Vendor: Omnigroup
Product: Omniweb 
Version: 5;
Vendor: Mozilla
Product: Mozilla 
Version:
1.6
1.5.1
1.5
1.4.4
1.4.2
1.4.1
1.4
1.3.1
1.3
1.2.1
1.2
1.1
1.0.2
1.0.1
1.0
0.9.9
0.9.8
0.9.7
0.9.6
0.9.5
0.9.48
0.9.4.1
0.9.4
0.9.35
0.9.3
0.9.2.1
0.9.2
0.8
Product: Firefox 
Version: 1.0;
Product: Camino 
Version: 0.8.5;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
http://marc.info/?l=bugtraq&m=110782704923280&w=2
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
http://www.mozilla.org/security/announce/mfsa2005-29.html
http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html
http://www.redhat.com/support/errata/RHSA-2005-176.html
http://www.redhat.com/support/errata/RHSA-2005-384.html
http://www.securityfocus.com/bid/12461
http://www.shmoo.com/idn
http://www.shmoo.com/idn/homograph.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229

Related CVE
CVE-2018-12438
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the loc...
CVE-2018-12437
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual mac...
CVE-2018-12433
** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different...
CVE-2018-5185
Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5184
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5183
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 5...
CVE-2018-5182
If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equi...
CVE-2018-5181
If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more rel...

Copyright 2018, cxsecurity.com

 

Back to Top