Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-2871Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

6 documents6 sources
Severity
7.5HIGHNVD
EPSS
51.6%
top 2.10%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Mozilla Firefox
Timeline
PublishedSep 9
Latest updateMay 1

Description

Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDmozilla/firefox8 versions+7

🔴Vulnerability Details

1
GHSA
GHSA-h4c5-jq2c-gq8v: Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 12022-05-01

💥Exploits & PoCs

1
Exploit-DB
Mozilla Browsers - 0xAD (HOST:) Remote Heap Buffer Overrun (2)2005-09-22

📋Vendor Advisories

2
Ubuntu
Mozilla products vulnerability2005-09-12
Red Hat
security flaw2005-09-09

💬Community

1
Bugzilla
CVE-2005-2871 security flaw2018-08-16