Vulnerability Description
The International Domain Name (IDN) support in Firefox 1.0, Camino 0.8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using Punycode-encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Camino | 0.8.5 |
| Mozilla | Firefox | 1.0 |
| Mozilla | Mozilla | < 1.7.6 |
| Omnigroup | Omniweb | 5 |
| Opera | Opera Browser | <= 7.54 |
| Opera Software | Opera Web Browser | 7.54 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html (Broken Link, Exploit, Vendor Advisory)
- http://marc.info/?l=bugtraq&m=110782704923280&w=2 (Mailing List)
- http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml (Exploit, Patch, Third Party Advisory)
- http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml (Exploit, Patch, Third Party Advisory)
- http://www.mozilla.org/security/announce/mfsa2005-29.html (Exploit, Patch, Third Party Advisory)
- http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html (Broken Link, Exploit, Patch)
- http://www.redhat.com/support/errata/RHSA-2005-176.html (Broken Link)
- http://www.redhat.com/support/errata/RHSA-2005-384.html (Broken Link)
- http://www.securityfocus.com/bid/12461 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.shmoo.com/idn (Broken Link, Exploit, Vendor Advisory)
- http://www.shmoo.com/idn/homograph.txt (Broken Link, Exploit, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 (Third Party Advisory, VDB Entry)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3 (Tool Signature)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3 (Tool Signature)
FAQ
What is CVE-2005-0233?
CVE-2005-0233 is a vulnerability with a CVSS score of 7.5 (HIGH). The International Domain Name (IDN) support in Firefox 1.0, Camino 0.8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using Punycode-encoded domain names that are decoded in ...
How severe is CVE-2005-0233?
CVE-2005-0233 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-0233?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Camino, Mozilla Firefox, Mozilla Mozilla, Omnigroup Omniweb, Opera Opera Browser.