CVE-2005-0233
Published 2005-02-08
CVE-2005-0233: The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode…
Priority P4 · 34 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 20.40% (97.2th percentile)
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Affected
91 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | camino | — | — |
| mozilla | firefox | <= 3.0.6 | — |
| mozilla | firefox | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 HIGH
Red Hat
firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks)
vendor_redhat·2009-02-16·CVSS 7.5
CVE-2009-0652 [HIGH] firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks)
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.
Ubuntu
Ubuntu 4.10 update for Firefox vulnerabilities
vendor_ubuntu·2005-07-28
CVE-2004-1156 Ubuntu 4.10 update for Firefox vulnerabilities
USN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary
Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10
(Warty Warthog) is also vulnerable to these flaws, so it needs to be
upgraded as well. Please see
http://www.ubuntulinux.org/support/documentation/usn/usn-149-1
for the original advisory.
This update also fixes several older vulnerabilities; some of them
could be exploited to execute arbitrary code with full user privileges
if the user visited a malicious web site. (MFSA-2005-01 to
MFSA-2005-44; please see the following web site for details:
http://www.mozilla.org/projects/security/known-vulnerabilities.html)
Instructions: In general, a standard sy
Red Hat
security flaw
vendor_redhat·2005-02-07·CVSS 7.5
CVE-2005-0233 [HIGH] security flaw
GHSA
GHSA-h8qx-x78q-837g: The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2009-0652 [HIGH] GHSA-h8qx-x78q-837g: The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3
GHSA
GHSA-9jrp-g945-8329: The International Domain Name (IDN) support in Firefox 1
ghsa_unreviewed·2022-05-01
CVE-2005-0233 [HIGH] GHSA-9jrp-g945-8329: The International Domain Name (IDN) support in Firefox 1
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2005-0233 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2005-0233 [HIGH] CVE-2005-0233 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Bugzilla
CVE-2009-0652 firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks)
bugzilla·2009-02-21·CVSS 7.5
CVE-2009-0652 [HIGH] CVE-2009-0652 firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks)
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0652 to
the following vulnerability:
Mozilla Firefox 3.0.6 does not properly prevent the literal rendering
of homoglyph characters in IDN domain names, which allows remote
attackers to spoof URLs and conduct phishing attacks, as demonstrated
by homoglyphs of the / (slash) and ? (question mark) characters in a
subdomain of a .cn domain name, a different vulnerability than
CVE-2005-0233.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652
http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike
https://www.blackhat.com/presentation
CWE
Insufficient Visual Distinction of Homoglyphs Presented to User
mitre_cwe
CWE-1007: Insufficient Visual Distinction of Homoglyphs Presented to User
The product displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar or identical glyphs (homoglyphs), which may cause the user to misinterpret a glyph and perform an unintended, insecure action.
Some glyphs, pictures, or icons can be semantically distinct to a program, while appearing very similar or identical to a human user. These are referred to as homoglyphs. For example, the lowercase "l" (ell) and uppercase "I" (eye) have different character codes, but these characters can be displayed in exactly the same way to a user, depending on the font. This can also occur between different character sets. For example, the Latin
CAPEC
Homograph Attack via Homoglyphs
mitre_capec
[MEDIUM] Homograph Attack via Homoglyphs
CAPEC-632: Homograph Attack via Homoglyphs
An adversary registers a domain name containing a homoglyph, leading the registered domain to appear the same as a trusted domain. A homograph attack leverages the fact that different characters among various character sets look the same to the user. Homograph attacks must generally be combined with other attacks, such as phishing attacks, in order to direct Internet traffic to the adversary-controlled destinations.
Alternate Terms: Homoglyph Attack
Execution Flow:
Step 1 [Explore]: [Determine target website] The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.
Technique: Research popular or high traffic websites.
Step 2 [Experiment]: [Impersonate trusted domain]
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
http://marc.info/?l=bugtraq&m=110782704923280&w=2
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
http://www.mozilla.org/security/announce/mfsa2005-29.html
http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html
http://www.redhat.com/support/errata/RHSA-2005-176.html
http://www.redhat.com/support/errata/RHSA-2005-384.html
http://www.securityfocus.com/bid/12461
http://www.shmoo.com/idn
http://www.shmoo.com/idn/homograph.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229