CVE-2005-0233

8 documents6 sources

Severity

7.5HIGH

EPSS

8.6%

top 7.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Mozilla Opera Opera Browser Mozilla Camino +3 more

Timeline

PublishedFeb 8

Latest updateMay 1

Description

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages6 packages

▶NVDmozilla/camino0.8.5

▶NVDmozilla/firefox1.0

▶NVDmozilla/mozilla< 1.7.6

▶NVDopera/opera_browser7.54

▶NVDomnigroup/omniweb5

Patches

Patch: www.gentoo.org ↗Patch: www.gentoo.org ↗Patch: www.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-9jrp-g945-8329: The International Domain Name (IDN) support in Firefox 1↗2022-05-01

▶

CVEList

CVE-2005-0233: The International Domain Name (IDN) support in Firefox 1↗2005-02-07

▶

📋Vendor Advisories

Red Hat

firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks)↗2009-02-16

▶

Ubuntu

Ubuntu 4.10 update for Firefox vulnerabilities↗2005-07-28

▶

Red Hat

security flaw↗2005-02-07

▶

💬Community

Bugzilla

CVE-2005-0233 security flaw↗2018-08-16

▶