ID CVE-2005-2871
Summary Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2006-02-01T09:08:00.000-04:00
    class vulnerability
    contributors
    name Robert L. Hollis
    organization ThreatGuard, Inc.
    description Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
    family unix
    id oval:org.mitre.oval:def:1287
    status accepted
    submitted 2005-11-30T12:00:00.000-04:00
    title Mozilla IDN heap overrun using soft-hyphens
    version 36
  • accepted 2007-05-09T16:11:06.815-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    description Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
    family windows
    id oval:org.mitre.oval:def:584
    status accepted
    submitted 2005-11-11T12:00:00.000-04:00
    title Mozilla IDN heap overrun using soft-hyphens
    version 4
  • accepted 2013-04-29T04:20:38.577-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
    family unix
    id oval:org.mitre.oval:def:9608
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
    version 29
redhat via4
advisories
  • rhsa
    id RHSA-2005:768
  • rhsa
    id RHSA-2005:769
  • rhsa
    id RHSA-2005:791
rpms
  • firefox-0:1.0.6-1.4.2
  • firefox-debuginfo-0:1.0.6-1.4.2
  • thunderbird-0:1.0.7-1.4.1
  • thunderbird-debuginfo-0:1.0.7-1.4.1
refmap via4
bid 14784
cert-vn VU#573857
ciac P-303
confirm
debian
  • DSA-837
  • DSA-866
  • DSA-868
fedora FLSA-2006:168375
fulldisc
  • 20050909 Mozilla Firefox "Host:" Buffer Overflow
  • 20050911 FireFox "Host:" Buffer Overflow is not just exploitable on FireFox
gentoo GLSA-200509-11
hp
  • HPSBUX01133
  • SSRT5940
mandriva MDKSA-2005:174
misc
osvdb 19255
sectrack 1014877
secunia
  • 16764
  • 16766
  • 16767
  • 17042
  • 17090
  • 17263
  • 17284
sreason 83
ubuntu USN-181-1
vupen
  • ADV-2005-1690
  • ADV-2005-1691
  • ADV-2005-1824
xf mozilla-url-bo(22207)
Last major update 03-05-2018 - 01:29
Published 09-09-2005 - 18:03
Last modified 03-05-2018 - 01:29
Back to Top