CVE Reference: CVE-2005-0233

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2005-0233

Description:
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/19236

SUSE
  http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html

REDHAT
  http://www.redhat.com/support/errata/RHSA-2005-384.html
  http://www.redhat.com/support/errata/RHSA-2005-176.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100029
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11229

MISC
  http://www.shmoo.com/idn/homograph.txt
  http://www.shmoo.com/idn

GENTOO
  http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
  http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml

FULLDISC
  http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html

CONFIRM
  http://www.mozilla.org/security/announce/mfsa2005-29.html

BUGTRAQ
  http://marc.theaimsgroup.com/?l=bugtraq&m=110782704923280&w=2

BID
  12461


Return to the previous page.