CVE-2005-0233
First published: Mon Feb 07 2005(Updated: )
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opera Software Opera Web Browser | =7.54 | |
| Mozilla Firefox | =1.0 | |
| Mozilla Camino | =0.8.5 | |
| OmniGroup OmniWeb | =5 | |
| Opera Opera Browser | <=7.54 | |
| Mozilla Mozilla | <1.7.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
- http://www.shmoo.com/idn
- http://www.shmoo.com/idn/homograph.txt
- http://www.mozilla.org/security/announce/mfsa2005-29.html
- http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
- http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
- http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html
- http://www.redhat.com/support/errata/RHSA-2005-176.html
- http://www.redhat.com/support/errata/RHSA-2005-384.html
- http://www.securityfocus.com/bid/12461
- http://marc.info/?l=bugtraq&m=110782704923280&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029
- agent/references
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/opera software
- canonical/opera software opera web browser
- version/opera software opera web browser/7.54
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/1.0
- canonical/mozilla camino
- version/mozilla camino/0.8.5
- vendor/omnigroup
- canonical/omnigroup omniweb
- version/omnigroup omniweb/5
- vendor/opera
- canonical/opera opera browser
- version/opera opera browser/7.54
- canonical/mozilla mozilla