CVE-2005-0233

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html	Broken Link Exploit Vendor Advisory
http://marc.info/?l=bugtraq&m=110782704923280&w=2	Mailing List
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml	Exploit Patch Third Party Advisory Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml	Exploit Patch Third Party Advisory Vendor Advisory
http://www.mozilla.org/security/announce/mfsa2005-29.html	Exploit Patch Third Party Advisory Vendor Advisory
http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html	Broken Link Exploit Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-176.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2005-384.html	Broken Link
http://www.securityfocus.com/bid/12461	Broken Link Third Party Advisory VDB Entry
http://www.shmoo.com/idn	Broken Link Exploit Vendor Advisory
http://www.shmoo.com/idn/homograph.txt	Broken Link Exploit Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029	Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229	Tool Signature

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:camino:0.8.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.0:::::::*
	cpe:2.3:a:mozilla:mozilla::::::::
	cpe:2.3:a:omnigroup:omniweb:5:::::::*
	cpe:2.3:a:opera:opera_browser::::::::
	cpe:2.3:a:opera_software:opera_web_browser:7.54:::::::*

History

No history.

Information

Published : 2005-02-08 05:00

Updated : 2022-02-28 17:41

NVD link : CVE-2005-0233

Mitre link : CVE-2005-0233

CVE.ORG link : CVE-2005-0233

JSON object : View

Products Affected

mozilla

camino
firefox
mozilla

omnigroup

omniweb

opera_software

opera_web_browser

opera

opera_browser

CWE

NVD-CWE-noinfo

{"id": "CVE-2005-0233", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-02-08T05:00:00.000", "references": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html", "tags": ["Broken Link", "Exploit", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=110782704923280&w=2", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml", "tags": ["Exploit", "Patch", "Third Party Advisory", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml", "tags": ["Exploit", "Patch", "Third Party Advisory", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mozilla.org/security/announce/mfsa2005-29.html", "tags": ["Exploit", "Patch", "Third Party Advisory", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html", "tags": ["Broken Link", "Exploit", "Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-176.html", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/12461", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.shmoo.com/idn", "tags": ["Broken Link", "Exploit", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.shmoo.com/idn/homograph.txt", "tags": ["Broken Link", "Exploit", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029", "tags": ["Tool Signature"], "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229", "tags": ["Tool Signature"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."}], "lastModified": "2022-02-28T17:41:49.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:camino:0.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D044E602-45A5-4B14-8B16-B0978D985027"}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6F232DA-F897-4429-922E-F5CFF865A8AA", "versionEndExcluding": "1.7.6"}, {"criteria": "cpe:2.3:a:omnigroup:omniweb:5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECD3E937-C813-4564-9E3C-D009D39E8A8B"}, {"criteria": "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFE75E76-E20D-47A4-9603-0AF46F733AEF", "versionEndIncluding": "7.54"}, {"criteria": "cpe:2.3:a:opera_software:opera_web_browser:7.54:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142EB1E3-2918-4792-83D7-9D7B6A3BD26B"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

7.5 /10