Vulnerability CVE-2005-0238


Published: 2005-05-02   Modified: 2012-02-12

Description:
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Vendor: Opera software
Product: Opera web browser 
Version: 7.54;
Vendor: Omnigroup
Product: Omniweb 
Version: 5;
Vendor: Mozilla
Product: Mozilla 
Version:
1.6
1.5.1
1.5
1.4.4
1.4.2
1.4.1
1.4
1.3.1
1.3
1.2.1
1.2
1.1
1.0.2
1.0.1
1.0
0.9.9
0.9.8
0.9.7
0.9.6
0.9.5
0.9.48
0.9.4.1
0.9.4
0.9.35
0.9.3
0.9.2.1
0.9.2
0.8
Product: Firefox 
Version: 1.0;
Product: Camino 
Version: 0.8.5;
Vendor: Gnome
Product: Epiphany 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399
http://xforce.iss.net/xforce/xfdb/19236
http://www.shmoo.com/idn/homograph.txt
http://www.shmoo.com/idn
http://www.securityfocus.com/bid/12461
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html

Related CVE
CVE-2018-10767
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will l...
CVE-2018-10733
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.
CVE-2017-2885
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable s...
CVE-2018-1000135
GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have bee...
CVE-2018-1000041
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers thro...
CVE-2018-5345
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
CVE-2017-1000422
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
CVE-2017-14604
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command....

Copyright 2018, cxsecurity.com

 

Back to Top