CVE-2005-0233

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-0233
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html Broken Link Exploit Vendor Advisory
http://marc.info/?l=bugtraq&m=110782704923280&w=2 Mailing List
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml Exploit Patch Third Party Advisory Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml Exploit Patch Third Party Advisory Vendor Advisory
http://www.mozilla.org/security/announce/mfsa2005-29.html Exploit Patch Third Party Advisory Vendor Advisory
http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html Broken Link Exploit Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-176.html Broken Link
http://www.redhat.com/support/errata/RHSA-2005-384.html Broken Link
http://www.securityfocus.com/bid/12461 Broken Link Third Party Advisory VDB Entry
http://www.shmoo.com/idn Broken Link Exploit Vendor Advisory
http://www.shmoo.com/idn/homograph.txt Broken Link Exploit Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029 Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229 Tool Signature
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:camino:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*
cpe:2.3:a:omnigroup:omniweb:5:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.54:*:*:*:*:*:*:*
History

28 Feb 2022, 17:41

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*		 cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*
References (GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml - Exploit, Patch, Vendor Advisory (GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml - Exploit, Patch, Third Party Advisory, Vendor Advisory
References (MISC) http://www.shmoo.com/idn/homograph.txt - Exploit, Vendor Advisory (MISC) http://www.shmoo.com/idn/homograph.txt - Broken Link, Exploit, Vendor Advisory
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=110782704923280&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=110782704923280&w=2 - Mailing List
References (FULLDISC) http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html - Exploit, Vendor Advisory (FULLDISC) http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html - Broken Link, Exploit, Vendor Advisory
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2005-384.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2005-384.html - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2005-176.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2005-176.html - Broken Link
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 - Third Party Advisory, VDB Entry
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229 - Tool Signature
References (GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml - Exploit, Patch, Vendor Advisory (GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml - Exploit, Patch, Third Party Advisory, Vendor Advisory
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029 - Tool Signature
References (MISC) http://www.shmoo.com/idn - Exploit, Vendor Advisory (MISC) http://www.shmoo.com/idn - Broken Link, Exploit, Vendor Advisory
References (BID) http://www.securityfocus.com/bid/12461 - (BID) http://www.securityfocus.com/bid/12461 - Broken Link, Third Party Advisory, VDB Entry
References (CONFIRM) http://www.mozilla.org/security/announce/mfsa2005-29.html - Exploit, Patch, Vendor Advisory (CONFIRM) http://www.mozilla.org/security/announce/mfsa2005-29.html - Exploit, Patch, Third Party Advisory, Vendor Advisory
References (SUSE) http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html - Exploit, Patch, Vendor Advisory (SUSE) http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html - Broken Link, Exploit, Patch, Vendor Advisory
CWE NVD-CWE-Other NVD-CWE-noinfo
First Time Opera
Opera opera Browser
Information

Published : 2005-02-08 05:00

Updated : 2023-12-10 10:28

NVD link : CVE-2005-0233

Mitre link : CVE-2005-0233

CVE.ORG link : CVE-2005-0233

JSON object : View

Products Affected

mozilla

  • mozilla
  • camino
  • firefox

opera

  • opera_browser

opera_software

  • opera_web_browser

omnigroup

  • omniweb
CWE
NVD-CWE-noinfo