CVE-2005-0238 — MEDIUM (5.0)

Q: How severe is CVE-2005-0238?

CVE-2005-0238 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2005-0238?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Epiphany, Mozilla Camino, Mozilla Mozilla, Omnigroup Omniweb, Opera Opera Browser.

Vulnerability Description

The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Gnome	Epiphany	All versions
Mozilla	Camino	0.8.5
Mozilla	Mozilla	<= 1.6
Omnigroup	Omniweb	5
Opera	Opera Browser	<= 7.54

References

http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.htmlExploitVendor Advisory
http://www.securityfocus.com/bid/12461Broken LinkThird Party AdvisoryVDB Entry
http://www.shmoo.com/idnBroken LinkExploitVendor Advisory
http://www.shmoo.com/idn/homograph.txtBroken LinkExploitVendor Advisory
https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399Broken LinkIssue TrackingPatch
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236Third Party AdvisoryVDB Entry
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.htmlExploitVendor Advisory
http://www.securityfocus.com/bid/12461Broken LinkThird Party AdvisoryVDB Entry
http://www.shmoo.com/idnBroken LinkExploitVendor Advisory
http://www.shmoo.com/idn/homograph.txtBroken LinkExploitVendor Advisory
https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399Broken LinkIssue TrackingPatch
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236Third Party AdvisoryVDB Entry

FAQ

What is CVE-2005-0238?

CVE-2005-0238 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that us...

How severe is CVE-2005-0238?

CVE-2005-0238 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-0238?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Epiphany, Mozilla Camino, Mozilla Mozilla, Omnigroup Omniweb, Opera Opera Browser.