Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0233

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0233
Last Modified 21 Aug 2010 12:25:42
Published 08 Feb 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0233

Summary

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Vulnerable Systems

Application

  • Mozilla 0.8

  • Mozilla 0.9.2

  • Mozilla 0.9.2.1

  • Mozilla 0.9.3

  • Mozilla 0.9.35

  • Mozilla 0.9.4

  • Mozilla 0.9.4.1

  • Mozilla 0.9.48

  • Mozilla 0.9.5

  • Mozilla 0.9.6

  • Mozilla 0.9.7

  • Mozilla 0.9.8

  • Mozilla 0.9.9

  • Mozilla 1.0

  • Mozilla 1.0.1

  • Mozilla 1.0.2

  • Mozilla 1.1

  • Mozilla 1.2

  • Mozilla 1.2.1

  • Mozilla 1.3

  • Mozilla 1.3.1

  • Mozilla 1.4

  • Mozilla 1.4.1

  • Mozilla 1.4.2

  • Mozilla 1.4.4

  • Mozilla 1.5

  • Mozilla 1.5.1

  • Mozilla 1.6

  • Mozilla Camino 0.8.5

  • Mozilla Firefox 1.0

  • Omnigroup Omniweb 5

  • Opera Software Opera Web Browser 7.54


References

XF - multiple-browsers-idn-spoof(19236)

SUSE - SUSE-SA:2005:016

CONFIRM - http://www.mozilla.org/security/announce/mfsa2005-29.html

GENTOO - GLSA-200503-30

GENTOO - GLSA-200503-10

MISC - http://www.shmoo.com/idn/homograph.txt

MISC - http://www.shmoo.com/idn

BID - 12461

REDHAT - RHSA-2005:384

REDHAT - RHSA-2005:176

BUGTRAQ - 20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.

FULLDISC - 20050206 state of homograph attacks


Last Updated: 27 May 2016 10:39:44