ID CVE-2005-0233
Summary The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References
Vulnerable Configurations
  • Mozilla Camino .8.5
    cpe:2.3:a:mozilla:camino:0.8.5
  • Mozilla Firefox 1.0
    cpe:2.3:a:mozilla:firefox:1.0
  • Mozilla Mozilla Browser 0.8
    cpe:2.3:a:mozilla:mozilla:0.8
  • Mozilla Mozilla Browser 0.9.2
    cpe:2.3:a:mozilla:mozilla:0.9.2
  • Mozilla Mozilla Browser 0.9.2.1
    cpe:2.3:a:mozilla:mozilla:0.9.2.1
  • Mozilla Mozilla Browser 0.9.3
    cpe:2.3:a:mozilla:mozilla:0.9.3
  • Mozilla Mozilla Browser 0.9.4
    cpe:2.3:a:mozilla:mozilla:0.9.4
  • Mozilla Mozilla Browser 0.9.4.1
    cpe:2.3:a:mozilla:mozilla:0.9.4.1
  • Mozilla Mozilla Browser 0.9.5
    cpe:2.3:a:mozilla:mozilla:0.9.5
  • Mozilla Mozilla Browser 0.9.6
    cpe:2.3:a:mozilla:mozilla:0.9.6
  • Mozilla Mozilla 0.9.7
    cpe:2.3:a:mozilla:mozilla:0.9.7
  • Mozilla Mozilla Browser 0.9.8
    cpe:2.3:a:mozilla:mozilla:0.9.8
  • Mozilla Mozilla 0.9.9
    cpe:2.3:a:mozilla:mozilla:0.9.9
  • Mozilla Mozilla Browser 0.9.35
    cpe:2.3:a:mozilla:mozilla:0.9.35
  • Mozilla Mozilla Browser 0.9.48
    cpe:2.3:a:mozilla:mozilla:0.9.48
  • Mozilla Mozilla 1.0
    cpe:2.3:a:mozilla:mozilla:1.0
  • cpe:2.3:a:mozilla:mozilla:1.0:rc1
    cpe:2.3:a:mozilla:mozilla:1.0:rc1
  • cpe:2.3:a:mozilla:mozilla:1.0:rc2
    cpe:2.3:a:mozilla:mozilla:1.0:rc2
  • Mozilla Mozilla Browser 1.0.1
    cpe:2.3:a:mozilla:mozilla:1.0.1
  • Mozilla Mozilla Browser 1.0.2
    cpe:2.3:a:mozilla:mozilla:1.0.2
  • Mozilla Mozilla 1.1
    cpe:2.3:a:mozilla:mozilla:1.1
  • Mozilla Mozilla Browser 1.1 Alpha
    cpe:2.3:a:mozilla:mozilla:1.1:alpha
  • Mozilla Mozilla Browser 1.1 Beta
    cpe:2.3:a:mozilla:mozilla:1.1:beta
  • Mozilla Mozilla 1.2
    cpe:2.3:a:mozilla:mozilla:1.2
  • Mozilla Mozilla Browser 1.2 Alpha
    cpe:2.3:a:mozilla:mozilla:1.2:alpha
  • Mozilla Mozilla Browser 1.2 Beta
    cpe:2.3:a:mozilla:mozilla:1.2:beta
  • Mozilla Mozilla Browser 1.2.1
    cpe:2.3:a:mozilla:mozilla:1.2.1
  • Mozilla Mozilla 1.3
    cpe:2.3:a:mozilla:mozilla:1.3
  • Mozilla Mozilla Browser 1.3.1
    cpe:2.3:a:mozilla:mozilla:1.3.1
  • Mozilla Mozilla 1.4
    cpe:2.3:a:mozilla:mozilla:1.4
  • Mozilla Mozilla 1.4a
    cpe:2.3:a:mozilla:mozilla:1.4:alpha
  • Mozilla Mozilla Browser 1.4b
    cpe:2.3:a:mozilla:mozilla:1.4:beta
  • Mozilla Mozilla 1.4.1
    cpe:2.3:a:mozilla:mozilla:1.4.1
  • Mozilla Mozilla Browser 1.4.2
    cpe:2.3:a:mozilla:mozilla:1.4.2
  • Mozilla Mozilla Browser 1.4.4
    cpe:2.3:a:mozilla:mozilla:1.4.4
  • Mozilla Mozilla 1.5
    cpe:2.3:a:mozilla:mozilla:1.5
  • Mozilla Mozilla 1.5.1
    cpe:2.3:a:mozilla:mozilla:1.5.1
  • Mozilla Mozilla 1.6
    cpe:2.3:a:mozilla:mozilla:1.6
  • cpe:2.3:a:omnigroup:omniweb:5
    cpe:2.3:a:omnigroup:omniweb:5
  • cpe:2.3:a:opera_software:opera_web_browser:7.54
    cpe:2.3:a:opera_software:opera_web_browser:7.54
CVSS
Base: 7.5 (as of 06-06-2005 - 11:35)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_101.NASL
    description The installed version of Firefox is earlier than 1.0.1. Such versions have multiple security issues, including vulnerabilities that could allow an attacker to impersonate a website by using an International Domain Name, or vulnerabilities that could allow arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 17218
    published 2005-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17218
    title Firefox < 1.0.1 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-335.NASL
    description Updated mozilla packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A buffer overflow bug was found in the way Mozilla processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0399 to this issue. A bug was found in the way Mozilla responds to proxy auth requests. It is possible for a malicious webserver to steal credentials from a victim's browser by issuing a 407 proxy authentication request. (CVE-2005-0147) A bug was found in the way Mozilla displays dialog windows. It is possible that a malicious web page which is being displayed in a background tab could present the user with a dialog window appearing to come from the active page. (CVE-2004-1380) A bug was found in the way Mozilla Mail handles cookies when loading content over HTTP regardless of the user's preference. It is possible that a particular user could be tracked through the use of malicious mail messages which load content over HTTP. (CVE-2005-0149) A flaw was found in the way Mozilla displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not. (CVE-2005-0233) A bug was found in the way Mozilla handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CVE-2004-1156) A bug was found in the way Mozilla saves temporary files. Temporary files are saved with world readable permissions, which could allow a local malicious user to view potentially sensitive data. (CVE-2005-0142) A bug was found in the way Mozilla handles synthetic middle click events. It is possible for a malicious web page to steal the contents of a victim's clipboard. (CVE-2005-0146) A bug was found in the way Mozilla processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. (CVE-2005-0401) A bug was found in the way Mozilla loads links in a new tab which are middle clicked. A malicious web page could read local files or modify privileged chrome settings. (CVE-2005-0141) A bug was found in the way Mozilla displays the secure site icon. A malicious web page can use a view-source URL targeted at a secure page, while loading an insecure page, yet the secure site icon shows the previous secure state. (CVE-2005-0144) A bug was found in the way Mozilla displays the secure site icon. A malicious web page can display the secure site icon by loading a binary file from a secured site. (CVE-2005-0143) A bug was found in the way Mozilla displays the download dialog window. A malicious site can obfuscate the content displayed in the source field, tricking a user into thinking they are downloading content from a trusted source. (CVE-2005-0585) Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.6 to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17626
    published 2005-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17626
    title RHEL 4 : mozilla (RHSA-2005:335)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200503-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-200503-10 (Mozilla Firefox: Various vulnerabilities) The following vulnerabilities were found and fixed in Mozilla Firefox: Michael Krax reported that plugins can be used to load privileged content and trick the user to interact with it (CAN-2005-0232, CAN-2005-0527) Michael Krax also reported potential spoofing or cross-site-scripting issues through overlapping windows, image drag-and-drop, and by dropping javascript: links on tabs (CAN-2005-0230, CAN-2005-0231, CAN-2005-0591) Daniel de Wildt and Gael Delalleau discovered a memory overwrite in a string library (CAN-2005-0255) Wind Li discovered a possible heap overflow in UTF8 to Unicode conversion (CAN-2005-0592) Eric Johanson reported that Internationalized Domain Name (IDN) features allow homograph attacks (CAN-2005-0233) Mook, Doug Turner, Kohei Yoshino and M. Deaudelin reported various ways of spoofing the SSL 'secure site' indicator (CAN-2005-0593) Matt Brubeck reported a possible Autocomplete data leak (CAN-2005-0589) Georgi Guninski discovered that XSLT can include stylesheets from arbitrary hosts (CAN-2005-0588) Secunia discovered a way of injecting content into a popup opened by another website (CAN-2004-1156) Phil Ringnalda reported a possible way to spoof Install source with user:pass@host (CAN-2005-0590) Jakob Balle from Secunia discovered a possible way of spoofing the Download dialog source (CAN-2005-0585) Christian Schmidt reported a potential spoofing issue in HTTP auth prompt tab (CAN-2005-0584) Andreas Sanblad from Secunia discovered a possible way of spoofing the Download dialog using the Content-Disposition header (CAN-2005-0586) Finally, Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that Firefox insecurely creates temporary filenames in /tmp/plugtmp (CAN-2005-0578) Impact : By setting up malicious websites and convincing users to follow untrusted links or obey very specific drag-and-drop or 
download instructions, attackers may leverage the various spoofing issues to fake other websites to get access to confidential information, push users to download malicious files or make them interact with their browser preferences. The temporary directory issue allows local attackers to overwrite arbitrary files with the rights of another local user. The overflow issues, while not thought to be exploitable, may allow a malicious downloaded page to execute arbitrary code with the rights of the user viewing the page. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 17276
    published 2005-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17276
    title GLSA-200503-10 : Mozilla Firefox: Various vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-149-3.NASL
    description USN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10 (Warty Warthog) is also vulnerable to these flaws, so it needs to be upgraded as well. Please see http://www.ubuntulinux.org/support/documentation/usn/usn-149-1 for the original advisory. This update also fixes several older vulnerabilities; Some of them could be exploited to execute arbitrary code with full user privileges if the user visited a malicious website. (MFSA-2005-01 to MFSA-2005-44; please see the following website for details: http://www.mozilla.org/projects/security/known-vulnerabilities.html) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20546
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20546
    title Ubuntu 4.10 : mozilla-firefox vulnerabilities (USN-149-3)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-058.NASL
    description A vulnerability in dcopserver was discovered by Sebastian Krahmer of the SUSE security team. A local user can lock up the dcopserver of other users on the same machine by stalling the DCOP authentication process, causing a local Denial of Service. dcopserver is the KDE Desktop Communication Protocol daemon (CVE-2005-0396). As well, the IDN (International Domain Names) support in Konqueror is vulnerable to a phishing technique known as a Homograph attack. This attack is made possible due to IDN allowing a website to use a wide range of international characters that have a strong resemblance to other characters. This can be used to trick users into thinking they are on a different trusted site when they are in fact on a site mocked up to look legitimate using these other characters, known as homographs. This can be used to trick users into providing personal information to a site they think is trusted (CVE-2005-0237). Finally, it was found that the dcopidlng script was vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files of a user when the script is run on behalf of that user. However, this script is only used as part of the build process of KDE itself and may also be used by the build processes of third-party KDE applications (CVE-2005-0365). The updated packages are patched to deal with these issues and Mandrakesoft encourages all users to upgrade immediately.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 17346
    published 2005-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17346
    title Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:058)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-176.NASL
    description Updated firefox packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the Firefox string handling functions. If a malicious website is able to exhaust a system's memory, it becomes possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0255 to this issue. A bug was found in the way Firefox handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CVE-2004-1156) A bug was found in the way Firefox allows plug-ins to load privileged content into a frame. It is possible that a malicious webpage could trick a user into clicking in certain places to modify configuration settings or execute arbitrary code. (CVE-2005-0232 and CVE-2005-0527). A flaw was found in the way Firefox displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not. (CVE-2005-0233) A bug was found in the way Firefox handles plug-in temporary files. A malicious local user could create a symlink to a victim's directory, causing it to be deleted when the victim exits Firefox. (CVE-2005-0578) A bug has been found in one of Firefox's UTF-8 converters. It may be possible for an attacker to supply a specially crafted UTF-8 string to the buggy converter, leading to arbitrary code execution. (CVE-2005-0592) A bug was found in the Firefox JavaScript security manager. If a user drags a malicious link to a tab, the JavaScript security manager is bypassed which could result in remote code execution or information disclosure. (CVE-2005-0231) A bug was found in the way Firefox displays the HTTP authentication prompt. 
When a user is prompted for authentication, the dialog window is displayed over the active tab, regardless of the tab that caused the pop-up to appear and could trick a user into entering their username and password for a trusted site. (CVE-2005-0584) A bug was found in the way Firefox displays the save file dialog. It is possible for a malicious webserver to spoof the Content-Disposition header, tricking the user into thinking they are downloading a different filetype. (CVE-2005-0586) A bug was found in the way Firefox handles users 'down-arrow' through auto completed choices. When an autocomplete choice is selected, the information is copied into the input control, possibly allowing a malicious website to steal information by tricking a user into arrowing through autocompletion choices. (CVE-2005-0589) Several bugs were found in the way Firefox displays the secure site icon. It is possible that a malicious website could display the secure site icon along with incorrect certificate information. (CVE-2005-0593) A bug was found in the way Firefox displays the download dialog window. A malicious site can obfuscate the content displayed in the source field, tricking a user into thinking they are downloading content from a trusted source. (CVE-2005-0585) A bug was found in the way Firefox handles xsl:include and xsl:import directives. It is possible for a malicious website to import XSLT stylesheets from a domain behind a firewall, leaking information to an attacker. (CVE-2005-0588) A bug was found in the way Firefox displays the installation confirmation dialog. An attacker could add a long user:pass before the true hostname, tricking a user into thinking they were installing content from a trusted source. (CVE-2005-0590) A bug was found in the way Firefox displays download and security dialogs. An attacker could cover up part of a dialog window tricking the user into clicking 'Allow' or 'Open', which could potentially lead to arbitrary code execution. 
(CVE-2005-0591) Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.1 and is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 17252
    published 2005-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17252
    title RHEL 4 : firefox (RHSA-2005:176)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200503-30.NASL
    description The remote host is affected by the vulnerability described in GLSA-200503-30 (Mozilla Suite: Multiple vulnerabilities) The following vulnerabilities were found and fixed in the Mozilla Suite: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape extension 2 (CAN-2005-0399) Michael Krax reported that plugins can be used to load privileged content and trick the user to interact with it (CAN-2005-0232, CAN-2005-0527) Michael Krax also reported potential spoofing or cross-site-scripting issues through overlapping windows, image or scrollbar drag-and-drop, and by dropping javascript: links on tabs (CAN-2005-0230, CAN-2005-0231, CAN-2005-0401, CAN-2005-0591) Daniel de Wildt and Gael Delalleau discovered a memory overwrite in a string library (CAN-2005-0255) Wind Li discovered a possible heap overflow in UTF8 to Unicode conversion (CAN-2005-0592) Eric Johanson reported that Internationalized Domain Name (IDN) features allow homograph attacks (CAN-2005-0233) Mook, Doug Turner, Kohei Yoshino and M. Deaudelin reported various ways of spoofing the SSL 'secure site' indicator (CAN-2005-0593) Georgi Guninski discovered that XSLT can include stylesheets from arbitrary hosts (CAN-2005-0588) Secunia discovered a way of injecting content into a popup opened by another website (CAN-2004-1156) Phil Ringnalda reported a possible way to spoof Install source with user:pass@host (CAN-2005-0590) Jakob Balle from Secunia discovered a possible way of spoofing the Download dialog source (CAN-2005-0585) Christian Schmidt reported a potential spoofing issue in HTTP auth prompt tab (CAN-2005-0584) Finally, Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that Mozilla insecurely creates temporary filenames in /tmp/plugtmp (CAN-2005-0578) Impact : The GIF heap overflow could be triggered by a malicious GIF image that would end up executing arbitrary code with the rights of the user running Mozilla. 
The other overflow issues, while not thought to be exploitable, would have the same impact By setting up malicious websites and convincing users to follow untrusted links or obey very specific drag-and-drop or download instructions, attackers may leverage the various spoofing issues to fake other websites to get access to confidential information, push users to download malicious files or make them interact with their browser preferences The temporary directory issue allows local attackers to overwrite arbitrary files with the rights of another local user Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 17619
    published 2005-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17619
    title GLSA-200503-30 : Mozilla Suite: Multiple vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-384.NASL
    description Updated Mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bugs were found with the way Mozilla displays the secure site icon. It is possible that a malicious website could display the secure site icon along with incorrect certificate information. (CVE-2005-0143 CVE-2005-0593) A bug was found in the way Mozilla handles synthetic middle click events. It is possible for a malicious web page to steal the contents of a victim's clipboard. (CVE-2005-0146) Several bugs were found with the way Mozilla handles temporary files. A local user could view sensitive temporary information or delete arbitrary files. (CVE-2005-0142 CVE-2005-0578) A bug was found in the way Mozilla handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CVE-2004-1156) A flaw was found in the way Mozilla displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not. (CVE-2005-0233) A bug was found in the way Mozilla processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. (CVE-2005-0401) A bug was found in the way Mozilla handles xsl:include and xsl:import directives. It is possible for a malicious website to import XSLT stylesheets from a domain behind a firewall, leaking information to an attacker. (CVE-2005-0588) Several bugs were found in the way Mozilla displays alert dialogs. It is possible for a malicious webserver or website to trick a user into thinking the dialog window is being generated from a trusted site. (CVE-2005-0586 CVE-2005-0591 CVE-2005-0585 CVE-2005-0590 CVE-2005-0584) A bug was found in the Mozilla JavaScript security manager. If a user drags a malicious link to a tab, the JavaScript security manager is bypassed, which could result in remote code execution or information disclosure. (CVE-2005-0231) A bug was found in the way Mozilla allows plug-ins to load privileged content into a frame. It is possible that a malicious webpage could trick a user into clicking in certain places to modify configuration settings or execute arbitrary code. (CVE-2005-0232 and CVE-2005-0527) A bug was found in the way Mozilla handles anonymous functions during regular expression string replacement. It is possible for a malicious web page to capture a random block of browser memory. (CVE-2005-0989) A bug was found in the way Mozilla displays pop-up windows. If a user chooses to open a pop-up window whose URL is malicious JavaScript, the script will be executed with elevated privileges. (CVE-2005-1153) A bug was found in the way Mozilla installed search plugins. If a user chooses to install a search plugin from a malicious site, the new plugin could silently overwrite an existing plugin. This could allow the malicious plugin to execute arbitrary code and steal sensitive information. (CVE-2005-1156 CVE-2005-1157) Several bugs were found in the Mozilla JavaScript engine. A malicious web page could leverage these issues to execute JavaScript with elevated privileges or steal sensitive information. (CVE-2005-1154 CVE-2005-1155 CVE-2005-1159 CVE-2005-1160) Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.7 to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21930
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21930
    title CentOS 3 : mozilla (CESA-2005:384)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-384.NASL
    description Updated Mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bugs were found with the way Mozilla displays the secure site icon. It is possible that a malicious website could display the secure site icon along with incorrect certificate information. (CVE-2005-0143 CVE-2005-0593) A bug was found in the way Mozilla handles synthetic middle click events. It is possible for a malicious web page to steal the contents of a victim's clipboard. (CVE-2005-0146) Several bugs were found with the way Mozilla handles temporary files. A local user could view sensitive temporary information or delete arbitrary files. (CVE-2005-0142 CVE-2005-0578) A bug was found in the way Mozilla handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CVE-2004-1156) A flaw was found in the way Mozilla displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not. (CVE-2005-0233) A bug was found in the way Mozilla processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. (CVE-2005-0401) A bug was found in the way Mozilla handles xsl:include and xsl:import directives. It is possible for a malicious website to import XSLT stylesheets from a domain behind a firewall, leaking information to an attacker. (CVE-2005-0588) Several bugs were found in the way Mozilla displays alert dialogs. It is possible for a malicious webserver or website to trick a user into thinking the dialog window is being generated from a trusted site. (CVE-2005-0586 CVE-2005-0591 CVE-2005-0585 CVE-2005-0590 CVE-2005-0584) A bug was found in the Mozilla JavaScript security manager. If a user drags a malicious link to a tab, the JavaScript security manager is bypassed, which could result in remote code execution or information disclosure. (CVE-2005-0231) A bug was found in the way Mozilla allows plug-ins to load privileged content into a frame. It is possible that a malicious webpage could trick a user into clicking in certain places to modify configuration settings or execute arbitrary code. (CVE-2005-0232 and CVE-2005-0527) A bug was found in the way Mozilla handles anonymous functions during regular expression string replacement. It is possible for a malicious web page to capture a random block of browser memory. (CVE-2005-0989) A bug was found in the way Mozilla displays pop-up windows. If a user chooses to open a pop-up window whose URL is malicious JavaScript, the script will be executed with elevated privileges. (CVE-2005-1153) A bug was found in the way Mozilla installed search plugins. If a user chooses to install a search plugin from a malicious site, the new plugin could silently overwrite an existing plugin. This could allow the malicious plugin to execute arbitrary code and steal sensitive information. (CVE-2005-1156 CVE-2005-1157) Several bugs were found in the Mozilla JavaScript engine. A malicious web page could leverage these issues to execute JavaScript with elevated privileges or steal sensitive information. (CVE-2005-1154 CVE-2005-1155 CVE-2005-1159 CVE-2005-1160) Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.7 to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18162
    published 2005-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18162
    title RHEL 2.1 / 3 : Mozilla (RHSA-2005:384)
oval via4
  • accepted 2007-05-09T16:10:38.131-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Christine Walzer
      organization The MITRE Corporation
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    description The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
    family windows
    id oval:org.mitre.oval:def:100029
    status accepted
    submitted 2005-08-16T04:00:00.000-04:00
    title Mozilla IDN Homograph Spoofing Vulnerability
    version 6
  • accepted 2013-04-29T04:12:31.569-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
    family unix
    id oval:org.mitre.oval:def:11229
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
    version 23
redhat via4
advisories
  • rhsa
    id RHSA-2005:176
  • rhsa
    id RHSA-2005:384
refmap via4
bid 12461
bugtraq 20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
confirm http://www.mozilla.org/security/announce/mfsa2005-29.html
fulldisc 20050206 state of homograph attacks
gentoo
  • GLSA-200503-10
  • GLSA-200503-30
misc
suse SUSE-SA:2005:016
xf multiple-browsers-idn-spoof(19236)
Last major update 17-10-2016 - 23:08
Published 08-02-2005 - 00:00
Last modified 10-10-2017 - 21:29