Published: 09/09/2005 Updated: 03/05/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and previous versions, and Netscape 8.0.3.3 and 7.2, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 1.0.5
mozilla firefox 1.0.6
mozilla firefox 1.0.1
mozilla firefox 1.0.2
mozilla firefox 1.0.3
mozilla firefox 1.0.4
mozilla firefox 1.0
mozilla firefox 1.5

Tom Ferris discovered a buffer overflow in the Mozilla products (Mozilla browser, Firefox, Thunderbird) By tricking an user to click on a Hyperlink with a specially crafted destination URL, a remote attacker could crash the application It might even be possible to exploit this vulnerability to execute arbitrary code, but this has not yet been con ...

Synopsis thunderbird security update Type/Severity Security Advisory: Important Topic An updated thunderbird package that fixes various bugs is now available forRed Hat Enterprise Linux 4This update has been rated as having important security impact by the RedHat Security Response Team Descriptio ...

Synopsis mozilla security update Type/Severity Security Advisory: Critical Topic An updated mozilla package that fixes a security bug is now availableThis update has been rated as having critical security impact by the RedHat Security Response Team Description Mozilla is an open source We ...

Synopsis firefox security update Type/Severity Security Advisory: Critical Topic An updated firefox package that fixes as security bug is now available forRed Hat Enterprise Linux 4This update has been rated as having critical security impact by the RedHat Security Response Team Description ...

Several security-related problems have been discovered in Mozilla and derived programs Some of the following problems don't exactly apply to Mozilla Thunderbird, even though the code is present In order to keep the codebase in sync with upstream it has been altered nevertheless The Common Vulnerabilities and Exposures project identifies the foll ...

Tom Ferris discovered a bug in the IDN hostname handling of Mozilla Firefox, which is also present in the other browsers from the same family that allows remote attackers to cause a denial of service and possibly execute arbitrary code via a hostname with dashes For the stable distribution (sarge) this problem has been fixed in version 104-2sarg ...

Several security-related problems have been discovered in Mozilla and derived programs The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-2871 Tom Ferris discovered a bug in the IDN hostname handling of Mozilla that allows remote attackers to cause a denial of service and possibly execute arbi ...

<HTML><SCRIPT> /* _______________________________________________________________________________ SSSSSSS, SSSSSSS' PwnZilla 5 - One sploit fits all (FireFox optimized) iSY iS; sS* Exploit for IDN host name heap buffer overrun in ...

NVD-CWE-Other http://www.security-protocols.com/firefox-death.html http://www.security-protocols.com/advisory/sp-x17-advisory.txt https://bugzilla.mozilla.org/show_bug.cgi?id=307259 http://www.redhat.com/support/errata/RHSA-2005-768.html http://www.redhat.com/support/errata/RHSA-2005-769.html http://www.ubuntu.com/usn/usn-181-1 http://www.kb.cert.org/vuls/id/573857 http://www.ciac.org/ciac/bulletins/p-303.shtml http://www.securiteam.com/securitynews/5RP0B0UGVW.html http://www.securityfocus.com/bid/14784 http://www.osvdb.org/19255 http://securitytracker.com/id?1014877 http://secunia.com/advisories/16764 http://secunia.com/advisories/16766 http://secunia.com/advisories/16767 http://www.gentoo.org/security/en/glsa/glsa-200509-11.xml http://www.mozilla.org/security/announce/mfsa2005-57.html http://www.debian.org/security/2005/dsa-837 http://www.mandriva.com/security/advisories?name=MDKSA-2005:174 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html http://www.debian.org/security/2005/dsa-868 http://www.redhat.com/support/errata/RHSA-2005-791.html http://secunia.com/advisories/17042 http://secunia.com/advisories/17090 http://secunia.com/advisories/17284 http://www.debian.org/security/2005/dsa-866 http://secunia.com/advisories/17263 http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0316.html http://securityreason.com/securityalert/83 http://www.vupen.com/english/advisories/2005/1691 http://www.vupen.com/english/advisories/2005/1824 http://www.vupen.com/english/advisories/2005/1690 http://marc.info/?l=full-disclosure&m=112624614008387&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/22207 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9608 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A584 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1287 https://usn.ubuntu.com/181-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/1224/https://www.kb.cert.org/vuls/id/573857

CVE-2005-2871

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect