Vulnerability CVE-2005-0238


Published: 2005-05-02   Modified: 2012-02-12

Description:
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Vendor: Opera software
Product: Opera web browser 
Version: 7.54;
Vendor: Omnigroup
Product: Omniweb 
Version: 5;
Vendor: Mozilla
Product: Mozilla 
Version:
1.6
1.5.1
1.5
1.4.4
1.4.2
1.4.1
1.4
1.3.1
1.3
1.2.1
1.2
1.1
1.0.2
1.0.1
1.0
0.9.9
0.9.8
0.9.7
0.9.6
0.9.5
0.9.48
0.9.4.1
0.9.4
0.9.35
0.9.3
0.9.2.1
0.9.2
0.8
Product: Firefox 
Version: 1.0;
Product: Camino 
Version: 0.8.5;
Vendor: Gnome
Product: Epiphany 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399
http://xforce.iss.net/xforce/xfdb/19236
http://www.shmoo.com/idn/homograph.txt
http://www.shmoo.com/idn
http://www.securityfocus.com/bid/12461
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html

Related CVE
CVE-2018-12422
** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software...
CVE-2018-12016
libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.
CVE-2018-11396
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open ca...
CVE-2017-17689
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
CVE-2018-10767
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will l...
CVE-2018-10733
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.
CVE-2017-2885
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable s...
CVE-2018-1000135
GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have bee...

Copyright 2018, cxsecurity.com

 

Back to Top