Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0238

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-0238
Last Modified 05 Sep 2008 04:45:43
Published 02 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0238

Summary

The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Vulnerable Systems

Application

  • Gnome Epiphany

  • Mozilla 0.8

  • Mozilla 0.9.2

  • Mozilla 0.9.2.1

  • Mozilla 0.9.3

  • Mozilla 0.9.35

  • Mozilla 0.9.4

  • Mozilla 0.9.4.1

  • Mozilla 0.9.48

  • Mozilla 0.9.5

  • Mozilla 0.9.6

  • Mozilla 0.9.7

  • Mozilla 0.9.8

  • Mozilla 0.9.9

  • Mozilla 1.0

  • Mozilla 1.0.1

  • Mozilla 1.0.2

  • Mozilla 1.1

  • Mozilla 1.2

  • Mozilla 1.2.1

  • Mozilla 1.3

  • Mozilla 1.3.1

  • Mozilla 1.4

  • Mozilla 1.4.1

  • Mozilla 1.4.2

  • Mozilla 1.4.4

  • Mozilla 1.5

  • Mozilla 1.5.1

  • Mozilla 1.6

  • Mozilla Camino 0.8.5

  • Mozilla Firefox 1.0

  • Omnigroup Omniweb 5

  • Opera Software Opera Web Browser 7.54


References

CONFIRM - https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399

XF - multiple-browsers-idn-spoof(19236)

MISC - http://www.shmoo.com/idn/homograph.txt

MISC - http://www.shmoo.com/idn

BID - 12461

FULLDISC - 20050206 state of homograph attacks


Last Updated: 27 May 2016 10:39:44