Vulnerability CVE-2005-0233


Published: 2005-02-08   Modified: 2012-02-12

Description:
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Opera software -> Opera web browser 
Omnigroup -> Omniweb 
Mozilla -> Camino 
Mozilla -> Firefox 
Mozilla -> Mozilla 

References:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
http://marc.info/?l=bugtraq&m=110782704923280&w=2
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
http://www.mozilla.org/security/announce/mfsa2005-29.html
http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html
http://www.redhat.com/support/errata/RHSA-2005-176.html
http://www.redhat.com/support/errata/RHSA-2005-384.html
http://www.securityfocus.com/bid/12461
http://www.shmoo.com/idn
http://www.shmoo.com/idn/homograph.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229

Copyright 2021, cxsecurity.com
