[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2005-0233Date: (C)2005-02-08   (M)2024-03-27


The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-12461
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
http://marc.info/?l=bugtraq&m=110782704923280&w=2
GLSA-200503-10
GLSA-200503-30
RHSA-2005:176
RHSA-2005:384
SUSE-SA:2005:016
http://www.mozilla.org/security/announce/mfsa2005-29.html
http://www.shmoo.com/idn
http://www.shmoo.com/idn/homograph.txt
multiple-browsers-idn-spoof(19236)
oval:org.mitre.oval:def:100029
oval:org.mitre.oval:def:11229

CPE    3
cpe:/a:mozilla:firefox:1.0
cpe:/a:mozilla:camino:0.8.5
cpe:/a:mozilla:mozilla
OVAL    1
oval:org.mitre.oval:def:100029

© SecPod Technologies