CVE-2005-0233
First published: Mon Feb 07 2005(Updated: )
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opera software Opera web browser | =7.54 | |
| Mozilla Firefox | =1.0 | |
| Mozilla Camino | =0.8.5 | |
| OmniGroup OmniWeb | =5 | |
| Opera | <=7.54 | |
| Mozilla Mozilla | <1.7.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
- http://www.shmoo.com/idn
- http://www.shmoo.com/idn/homograph.txt
- http://www.mozilla.org/security/announce/mfsa2005-29.html
- http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
- http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
- http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html
- http://www.redhat.com/support/errata/RHSA-2005-176.html
- http://www.redhat.com/support/errata/RHSA-2005-384.html
- http://www.securityfocus.com/bid/12461
- http://marc.info/?l=bugtraq&m=110782704923280&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029
Frequently Asked Questions
What is the severity of CVE-2005-0233?
CVE-2005-0233 is classified as a medium severity vulnerability due to its potential for domain spoofing.
How do I fix CVE-2005-0233?
To fix CVE-2005-0233, update affected software to the latest version that mitigates the issue.
Which software is affected by CVE-2005-0233?
CVE-2005-0233 impacts Mozilla Firefox 1.0, Camino 0.8.5, and older versions of Opera and Mozilla.
How does CVE-2005-0233 exploit domain names?
CVE-2005-0233 exploits domain names by allowing attackers to use homograph characters in punycode encoded domain names.
What is the impact of CVE-2005-0233 on users?
The impact of CVE-2005-0233 on users includes the risk of falling victim to phishing attacks through spoofed domain names.
- agent/references
- agent/type
- agent/remedy
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- vendor/opera software
- canonical/opera software opera web browser
- version/opera software opera web browser/7.54
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/1.0
- canonical/mozilla camino
- version/mozilla camino/0.8.5
- vendor/omnigroup
- canonical/omnigroup omniweb
- version/omnigroup omniweb/5
- vendor/opera
- canonical/opera
- version/opera/7.54
- canonical/mozilla mozilla