ID CVE-2005-2871
Summary Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
References
Vulnerable Configurations
  • Mozilla Firefox 1.0
    cpe:2.3:a:mozilla:firefox:1.0
  • Mozilla Firefox 1.0.1
    cpe:2.3:a:mozilla:firefox:1.0.1
  • Mozilla Firefox 1.0.2
    cpe:2.3:a:mozilla:firefox:1.0.2
  • Mozilla Firefox 1.0.3
    cpe:2.3:a:mozilla:firefox:1.0.3
  • Mozilla Firefox 1.0.4
    cpe:2.3:a:mozilla:firefox:1.0.4
  • Mozilla Firefox 1.0.5
    cpe:2.3:a:mozilla:firefox:1.0.5
  • Mozilla Firefox 1.0.6
    cpe:2.3:a:mozilla:firefox:1.0.6
  • Mozilla Firefox 1.5 Beta 1
    cpe:2.3:a:mozilla:firefox:1.5:beta1
CVSS
Base: 7.5 (as of 12-09-2005 - 07:48)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
exploit-db via4
description Mozilla Browsers 0xAD (HOST:) Remote Heap Buffer Overrun Exploit (v2). CVE-2005-2871. Remote exploit for windows platform
id EDB-ID:1224
last seen 2016-01-31
modified 2005-09-22
published 2005-09-22
reporter Skylined
source https://www.exploit-db.com/download/1224/
title Mozilla Browsers 0xAD HOST: Remote Heap Buffer Overrun Exploit 2
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-769.NASL
    description An updated mozilla package that fixes a security bug is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was found in the way Mozilla processes certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause Mozilla to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. Users of Mozilla are advised to upgrade to this updated package that contains a backported patch and is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 19677
    published 2005-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19677
    title RHEL 2.1 / 3 / 4 : mozilla (RHSA-2005:769)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-174.NASL
    description Updated Mozilla Thunderbird packages fix various vulnerabilities : The run-mozilla.sh script, with debugging enabled, would allow local users to create or overwrite arbitrary files via a symlink attack on temporary files (CVE-2005-2353). A bug in the way Thunderbird processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file (CVE-2005-2701). A bug in the way Thunderbird handles certain Unicode sequences could be used to execute arbitrary code via viewing a specially crafted Unicode sequence (CVE-2005-2702). A bug in the way Thunderbird makes XMLHttp requests could be abused by a malicious web page to exploit other proxy or server flaws from the victim's machine; however, the default behaviour of the browser is to disallow this (CVE-2005-2703). A bug in the way Thunderbird implemented its XBL interface could be abused by a malicious web page to create an XBL binding in such a way as to allow arbitrary JavaScript execution with chrome permissions (CVE-2005-2704). An integer overflow in Thunderbird's JavaScript engine could be manipulated in certain conditions to allow a malicious web page to execute arbitrary code (CVE-2005-2705). A bug in the way Thunderbird displays about: pages could be used to execute JavaScript with chrome privileges (CVE-2005-2706). A bug in the way Thunderbird opens new windows could be used by a malicious web page to construct a new window without any user interface elements (such as address bar and status bar) that could be used to potentially mislead the user (CVE-2005-2707). A bug in the way Thunderbird processed URLs on the command line could be used to execute arbitrary commands as the user running Thunderbird; this could be abused by clicking on a supplied link, such as from an instant messaging client (CVE-2005-2968). Tom Ferris reported that Thunderbird would crash when processing a domain name consisting solely of soft-hyphen characters due to a heap overflow when IDN processing results in an empty string after removing non-wrapping characters, such as soft-hyphens. This could be exploited to run or install malware on the user's computer (CVE-2005-2871). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20428
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20428
    title Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2005:174)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-768.NASL
    description An updated firefox package that fixes a security bug is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox processes certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause Firefox to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. Users of Firefox are advised to upgrade to this updated package that contains a backported patch and is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 19676
    published 2005-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19676
    title RHEL 4 : firefox (RHSA-2005:768)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_8665EBB9223711DA978E0001020EED82.NASL
    description Tom Ferris reports : A buffer overflow vulnerability exists within Firefox version 1.0.6 and all other prior versions which allows for an attacker to remotely execute arbitrary code on an affected host. The problem seems to be when a hostname which has all dashes causes the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true, but it sets encHost to an empty string. Meaning, Firefox appends 0 to approxLen and then appends the long string of dashes to the buffer instead. Note: It is possible to disable IDN support as a workaround to protect against this buffer overflow. How to do this is described on the What Firefox and Mozilla users should know about the IDN buffer overflow security issue web page.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 21463
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21463
    title FreeBSD : firefox & mozilla -- buffer overflow vulnerability (8665ebb9-2237-11da-978e-0001020eed82)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-962.NASL
    description An updated thunderbird package that fixes various bugs is now available for Fedora Core 3. This update has been rated as having important security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A bug was found in the way Thunderbird processes certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause Thunderbird to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. A bug was found in the way Thunderbird processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Thunderbird if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Thunderbird makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim's machine. It is also possible that this flaw could be leveraged to send XMLHttp requests to hosts other than the originator; the default behavior of the browser is to disallow this. (CVE-2005-2703) A bug was found in the way Thunderbird implemented its XBL interface. It may be possible for a malicious web page to create an XBL binding in such a way that would allow arbitrary JavaScript execution with chrome permissions. Please note that in Thunderbird 1.0.6 this issue is not directly exploitable and will need to leverage other unknown exploits. (CVE-2005-2704) An integer overflow bug was found in Thunderbird's JavaScript engine. Under favorable conditions, it may be possible for a malicious mail message to execute arbitrary code as the user running Thunderbird. Please note that JavaScript support is disabled by default in Thunderbird. (CVE-2005-2705) A bug was found in the way Thunderbird displays about: pages. 
It is possible for a malicious web page to open an about: page, such as about:mozilla, in such a way that it becomes possible to execute JavaScript with chrome privileges. (CVE-2005-2706) A bug was found in the way Thunderbird opens new windows. It is possible for a malicious website to construct a new window without any user interface components, such as the address bar and the status bar. This window could then be used to mislead the user for malicious purposes. (CVE-2005-2707) A bug was found in the way Thunderbird processes URLs passed to it on the command line. If a user passes a malformed URL to Thunderbird, such as clicking on a link in an instant messaging program, it is possible to execute arbitrary commands as the user running Thunderbird. (CVE-2005-2968) Users of Thunderbird are advised to upgrade to this updated package that contains Thunderbird version 1.0.7 and is not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19883
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19883
    title Fedora Core 3 : thunderbird-1.0.7-1.1.fc3 (2005-962)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-769.NASL
    description An updated mozilla package that fixes a security bug is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was found in the way Mozilla processes certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause Mozilla to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. Users of Mozilla are advised to upgrade to this updated package that contains a backported patch and is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21856
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21856
    title CentOS 3 / 4 : mozilla (CESA-2005:769)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_106.NASL
    description The remote host is using Firefox, an alternative web browser. The installed version of Firefox contains various security issues, several of which are critical as they can be easily exploited to execute arbitrary shell code on the remote host.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 19719
    published 2005-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19719
    title Firefox < 1.0.7 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-866.NASL
    description Several security-related problems have been discovered in Mozilla and derived programs. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2871 Tom Ferris discovered a bug in the IDN hostname handling of Mozilla that allows remote attackers to cause a denial of service and possibly execute arbitrary code via a hostname with dashes. - CAN-2005-2701 A buffer overflow allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag. - CAN-2005-2702 Mats Palmgren discovered a buffer overflow in the Unicode string parser that allows a specially crafted Unicode sequence to overflow a buffer and cause arbitrary code to be executed. - CAN-2005-2703 Remote attackers could spoof HTTP headers of XML HTTP requests via XMLHttpRequest and possibly use the client to exploit vulnerabilities in servers or proxies. - CAN-2005-2704 Remote attackers could spoof DOM objects via an XBL control that implements an internal XPCOM interface. - CAN-2005-2705 Georgi Guninski discovered an integer overflow in the JavaScript engine that might allow remote attackers to execute arbitrary code. - CAN-2005-2706 Remote attackers could execute JavaScript code with chrome privileges via an about: page such as about:mozilla. - CAN-2005-2707 Remote attackers could spawn windows without user interface components such as the address and status bar that could be used to conduct spoofing or phishing attacks. - CAN-2005-2968 Peter Zelezny discovered that shell metacharacters are not properly escaped when they are passed to a shell script and allow the execution of arbitrary commands, e.g. when a malicious URL is automatically copied from another program into Mozilla as default browser.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 20063
    published 2005-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20063
    title Debian DSA-866-1 : mozilla - several vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200509-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-200509-11 (Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities) The Mozilla Suite and Firefox are both vulnerable to the following issues: Tom Ferris reported a heap overflow in IDN-enabled browsers with malicious Host: headers (CAN-2005-2871). 'jackerror' discovered a heap overrun in XBM image processing (CAN-2005-2701). Mats Palmgren reported a potentially exploitable stack corruption using specific Unicode sequences (CAN-2005-2702). Georgi Guninski discovered an integer overflow in the JavaScript engine (CAN-2005-2705) Other issues ranging from DOM object spoofing to request header spoofing were also found and fixed in the latest versions (CAN-2005-2703, CAN-2005-2704, CAN-2005-2706, CAN-2005-2707). The Gecko engine in itself is also affected by some of these issues and has been updated as well. Impact : A remote attacker could setup a malicious site and entice a victim to visit it, potentially resulting in arbitrary code execution with the victim's privileges or facilitated spoofing of known websites. Workaround : There is no known workaround for all the issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 19810
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19810
    title GLSA-200509-11 : Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-169.NASL
    description A number of vulnerabilities have been discovered in Mozilla Firefox that have been corrected in version 1.0.7: A bug in the way Firefox processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file (CVE-2005-2701). A bug in the way Firefox handles certain Unicode sequences could be used to execute arbitrary code via viewing a specially crafted Unicode sequence (CVE-2005-2702). A bug in the way Firefox makes XMLHttp requests could be abused by a malicious web page to exploit other proxy or server flaws from the victim's machine; however, the default behaviour of the browser is to disallow this (CVE-2005-2703). A bug in the way Firefox implemented its XBL interface could be abused by a malicious web page to create an XBL binding in such a way as to allow arbitrary JavaScript execution with chrome permissions (CVE-2005-2704). An integer overflow in Firefox's JavaScript engine could be manipulated in certain conditions to allow a malicious web page to execute arbitrary code (CVE-2005-2705). A bug in the way Firefox displays about: pages could be used to execute JavaScript with chrome privileges (CVE-2005-2706). A bug in the way Firefox opens new windows could be used by a malicious web page to construct a new window without any user interface elements (such as address bar and status bar) that could be used to potentially mislead the user (CVE-2005-2707). A bug in the way Firefox processed URLs on the command line could be used to execute arbitrary commands as the user running Firefox; this could be abused by clicking on a supplied link, such as from an instant messaging client (CVE-2005-2968). Tom Ferris reported that Firefox would crash when processing a domain name consisting solely of soft-hyphen characters due to a heap overflow when IDN processing results in an empty string after removing non-wrapping characters, such as soft-hyphens. This could be exploited to run or install malware on the user's computer (CVE-2005-2871). The updated packages have been patched to address these issues and all users are urged to upgrade immediately.
    last seen 2017-10-29
    modified 2012-09-07
    plugin id 20425
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20425
    title MDKSA-2005:169 : mozilla-firefox
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-868.NASL
    description Several security-related problems have been discovered in Mozilla and derived programs. Some of the following problems don't exactly apply to Mozilla Thunderbird, even though the code is present. In order to keep the codebase in sync with upstream it has been altered nevertheless. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2871 Tom Ferris discovered a bug in the IDN hostname handling of Mozilla that allows remote attackers to cause a denial of service and possibly execute arbitrary code via a hostname with dashes. - CAN-2005-2701 A buffer overflow allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag. - CAN-2005-2702 Mats Palmgren discovered a buffer overflow in the Unicode string parser that allows a specially crafted Unicode sequence to overflow a buffer and cause arbitrary code to be executed. - CAN-2005-2703 Remote attackers could spoof HTTP headers of XML HTTP requests via XMLHttpRequest and possibly use the client to exploit vulnerabilities in servers or proxies. - CAN-2005-2704 Remote attackers could spoof DOM objects via an XBL control that implements an internal XPCOM interface. - CAN-2005-2705 Georgi Guninski discovered an integer overflow in the JavaScript engine that might allow remote attackers to execute arbitrary code. - CAN-2005-2706 Remote attackers could execute JavaScript code with chrome privileges via an about: page such as about:mozilla. - CAN-2005-2707 Remote attackers could spawn windows without user interface components such as the address and status bar that could be used to conduct spoofing or phishing attacks. - CAN-2005-2968 Peter Zelezny discovered that shell metacharacters are not properly escaped when they are passed to a shell script and allow the execution of arbitrary commands, e.g. when a malicious URL is automatically copied from another program into Mozilla as default browser.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 20071
    published 2005-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20071
    title Debian DSA-868-1 : mozilla-thunderbird - several vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-791.NASL
    description An updated thunderbird package that fixes various bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A bug was found in the way Thunderbird processes certain international domain names. An attacker could create a specially crafted HTML mail, which when viewed by the victim would cause Thunderbird to crash or possibly execute arbitrary code. Thunderbird as shipped with Red Hat Enterprise Linux 4 must have international domain names enabled by the user in order to be vulnerable to this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. A bug was found in the way Thunderbird processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Thunderbird if the user views a specially crafted HTML mail containing Unicode sequences. (CVE-2005-2702) A bug was found in the way Thunderbird makes XMLHttp requests. It is possible that a malicious HTML mail could leverage this flaw to exploit other proxy or server flaws from the victim's machine. It is also possible that this flaw could be leveraged to send XMLHttp requests to hosts other than the originator; the default behavior of Thunderbird is to disallow such actions. (CVE-2005-2703) A bug was found in the way Thunderbird implemented its XBL interface. It may be possible for a malicious HTML mail to create an XBL binding in such a way that would allow arbitrary JavaScript execution with chrome permissions. Please note that in Thunderbird 1.0.6 this issue is not directly exploitable and will need to leverage other unknown exploits. (CVE-2005-2704) An integer overflow bug was found in Thunderbird's JavaScript engine. 
Under favorable conditions, it may be possible for a malicious mail message to execute arbitrary code as the user running Thunderbird. Please note that JavaScript support is disabled by default in Thunderbird. (CVE-2005-2705) A bug was found in the way Thunderbird displays about: pages. It is possible for a malicious HTML mail to open an about: page, such as about:mozilla, in such a way that it becomes possible to execute JavaScript with chrome privileges. (CVE-2005-2706) A bug was found in the way Thunderbird opens new windows. It is possible for a malicious HTML mail to construct a new window without any user interface components, such as the address bar and the status bar. This window could then be used to mislead the user for malicious purposes. (CVE-2005-2707) A bug was found in the way Thunderbird processes URLs passed to it on the command line. If a user passes a malformed URL to Thunderbird, such as clicking on a link in an instant messaging program, it is possible to execute arbitrary commands as the user running Thunderbird. (CVE-2005-2968) Users of Thunderbird are advised to upgrade to this updated package, which contains Thunderbird version 1.0.7 and is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21964
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21964
    title CentOS 4 : thunderbird (CESA-2005:791)
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_107.NASL
    description The remote host is using Mozilla Thunderbird, an email client. The remote version of this software contains various security issues that could allow an attacker to execute arbitrary code on the remote host and to disguise URLs.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 19694
    published 2005-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19694
    title Mozilla Thunderbird < 1.0.7 IDN URL Domain Name Overflow
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-170.NASL
    description A number of vulnerabilities have been discovered in Mozilla that have been corrected in version 1.7.12 : A bug in the way Mozilla processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file (CVE-2005-2701). A bug in the way Mozilla handles certain Unicode sequences could be used to execute arbitrary code via viewing a specially crafted Unicode sequence (CVE-2005-2702). A bug in the way Mozilla makes XMLHttp requests could be abused by a malicious web page to exploit other proxy or server flaws from the victim's machine; however, the default behaviour of the browser is to disallow this (CVE-2005-2703). A bug in the way Mozilla implemented its XBL interface could be abused by a malicious web page to create an XBL binding in such a way as to allow arbitrary JavaScript execution with chrome permissions (CVE-2005-2704). An integer overflow in Mozilla's JavaScript engine could be manipulated in certain conditions to allow a malicious web page to execute arbitrary code (CVE-2005-2705). A bug in the way Mozilla displays about: pages could be used to execute JavaScript with chrome privileges (CVE-2005-2706). A bug in the way Mozilla opens new windows could be used by a malicious web page to construct a new window without any user interface elements (such as address bar and status bar) that could be used to potentially mislead the user (CVE-2005-2707). Tom Ferris reported that Firefox would crash when processing a domain name consisting solely of soft-hyphen characters due to a heap overflow when IDN processing results in an empty string after removing non-wrapping characters, such as soft-hyphens. This could be exploited to run or install malware on the user's computer (CVE-2005-2871). The updated packages have been patched to address these issues and all users are urged to upgrade immediately.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19923
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19923
    title Mandrake Linux Security Advisory : mozilla (MDKSA-2005:170)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-791.NASL
    description An updated thunderbird package that fixes various bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A bug was found in the way Thunderbird processes certain international domain names. An attacker could create a specially crafted HTML mail, which when viewed by the victim would cause Thunderbird to crash or possibly execute arbitrary code. Thunderbird as shipped with Red Hat Enterprise Linux 4 must have international domain names enabled by the user in order to be vulnerable to this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. A bug was found in the way Thunderbird processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Thunderbird if the user views a specially crafted HTML mail containing Unicode sequences. (CVE-2005-2702) A bug was found in the way Thunderbird makes XMLHttp requests. It is possible that a malicious HTML mail could leverage this flaw to exploit other proxy or server flaws from the victim's machine. It is also possible that this flaw could be leveraged to send XMLHttp requests to hosts other than the originator; the default behavior of Thunderbird is to disallow such actions. (CVE-2005-2703) A bug was found in the way Thunderbird implemented its XBL interface. It may be possible for a malicious HTML mail to create an XBL binding in such a way that would allow arbitrary JavaScript execution with chrome permissions. Please note that in Thunderbird 1.0.6 this issue is not directly exploitable and will need to leverage other unknown exploits. (CVE-2005-2704) An integer overflow bug was found in Thunderbird's JavaScript engine. 
Under favorable conditions, it may be possible for a malicious mail message to execute arbitrary code as the user running Thunderbird. Please note that JavaScript support is disabled by default in Thunderbird. (CVE-2005-2705) A bug was found in the way Thunderbird displays about: pages. It is possible for a malicious HTML mail to open an about: page, such as about:mozilla, in such a way that it becomes possible to execute JavaScript with chrome privileges. (CVE-2005-2706) A bug was found in the way Thunderbird opens new windows. It is possible for a malicious HTML mail to construct a new window without any user interface components, such as the address bar and the status bar. This window could then be used to mislead the user for malicious purposes. (CVE-2005-2707) A bug was found in the way Thunderbird processes URLs passed to it on the command line. If a user passes a malformed URL to Thunderbird, such as clicking on a link in an instant messaging program, it is possible to execute arbitrary commands as the user running Thunderbird. (CVE-2005-2968) Users of Thunderbird are advised to upgrade to this updated package, which contains Thunderbird version 1.0.7 and is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 19995
    published 2005-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19995
    title RHEL 4 : thunderbird (RHSA-2005:791)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-837.NASL
    description Tom Ferris discovered a bug in the IDN hostname handling of Mozilla Firefox, which is also present in the other browsers from the same family that allows remote attackers to cause a denial of service and possibly execute arbitrary code via a hostname with dashes.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19806
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19806
    title Debian DSA-837-1 : mozilla-firefox - buffer overflow
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-963.NASL
    description An updated thunderbird package that fixes various bugs is now available for Fedora Core 4. This update has been rated as having important security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. A bug was found in the way Thunderbird processes certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause Thunderbird to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. A bug was found in the way Thunderbird processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Thunderbird if the user views a specially crafted Unicode sequence. (CVE-2005-2702) A bug was found in the way Thunderbird makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim's machine. It is also possible that this flaw could be leveraged to send XMLHttp requests to hosts other than the originator; the default behavior of the browser is to disallow this. (CVE-2005-2703) A bug was found in the way Thunderbird implemented its XBL interface. It may be possible for a malicious web page to create an XBL binding in such a way that would allow arbitrary JavaScript execution with chrome permissions. Please note that in Thunderbird 1.0.6 this issue is not directly exploitable and will need to leverage other unknown exploits. (CVE-2005-2704) An integer overflow bug was found in Thunderbird's JavaScript engine. Under favorable conditions, it may be possible for a malicious mail message to execute arbitrary code as the user running Thunderbird. Please note that JavaScript support is disabled by default in Thunderbird. (CVE-2005-2705) A bug was found in the way Thunderbird displays about: pages. It is possible for a malicious web page to open an about: page, such as about:mozilla, in such a way that it becomes possible to execute JavaScript with chrome privileges. (CVE-2005-2706) A bug was found in the way Thunderbird opens new windows. It is possible for a malicious website to construct a new window without any user interface components, such as the address bar and the status bar. This window could then be used to mislead the user for malicious purposes. (CVE-2005-2707) A bug was found in the way Thunderbird processes URLs passed to it on the command line. If a user passes a malformed URL to Thunderbird, such as clicking on a link in an instant messaging program, it is possible to execute arbitrary commands as the user running Thunderbird. (CVE-2005-2968) Users of Thunderbird are advised to upgrade to this updated package that contains Thunderbird version 1.0.7 and is not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19884
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19884
    title Fedora Core 4 : thunderbird-1.0.7-1.1.fc4 (2005-963)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-768.NASL
    description An updated firefox package that fixes a security bug is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox processes certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause Firefox to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. Users of Firefox are advised to upgrade to this updated package that contains a backported patch and is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21962
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21962
    title CentOS 4 : firefox (CESA-2005:768)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-181-1.NASL
    description Tom Ferris discovered a buffer overflow in the Mozilla products (Mozilla browser, Firefox, Thunderbird). By tricking a user to click on a Hyperlink with a specially crafted destination URL, a remote attacker could crash the application. It might even be possible to exploit this vulnerability to execute arbitrary code, but this has not yet been confirmed. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 20592
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20592
    title Ubuntu 4.10 / 5.04 : mozilla, mozilla-thunderbird, mozilla-firefox vulnerabilities (USN-181-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-872.NASL
    description An updated firefox package that fixes a security bug is now available for Fedora Core 3 and Fedora Core 4. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox processes certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause Firefox to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. Users of Firefox are advised to upgrade to this updated package that contains a backported patch and is not vulnerable to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19734
    published 2005-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19734
    title Fedora Core 3 : firefox-1.0.6-1.2.fc3 (2005-872)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-873.NASL
    description An updated mozilla package that fixes a security bug is now available for Fedora Core 4. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was found in the way Mozilla processes certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause Mozilla to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. Users of Mozilla are advised to upgrade to this updated package that contains a backported patch and is not vulnerable to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19735
    published 2005-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19735
    title Fedora Core 4 : mozilla-1.7.10-1.5.2 (2005-873)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-871.NASL
    description An updated firefox package that fixes a security bug is now available for Fedora Core 4. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox processes certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause Firefox to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. Users of Firefox are advised to upgrade to this updated package that contains a backported patch and is not vulnerable to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19733
    published 2005-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19733
    title Fedora Core 4 : firefox-1.0.6-1.2.fc4 (2005-871)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-874.NASL
    description An updated mozilla package that fixes a security bug is now available for Fedora Core 3. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was found in the way Mozilla processes certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause Mozilla to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2871 to this issue. Users of Mozilla are advised to upgrade to this updated package that contains a backported patch and is not vulnerable to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19736
    published 2005-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19736
    title Fedora Core 3 : mozilla-1.7.10-1.3.2 (2005-874)
oval via4
  • accepted 2006-02-01T09:08:00.000-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    description Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
    family unix
    id oval:org.mitre.oval:def:1287
    status accepted
    submitted 2005-11-30T12:00:00.000-04:00
    title Mozilla IDN heap overrun using soft-hyphens
    version 32
  • accepted 2007-05-09T16:11:06.815-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
    family windows
    id oval:org.mitre.oval:def:584
    status accepted
    submitted 2005-11-11T12:00:00.000-04:00
    title Mozilla IDN heap overrun using soft-hyphens
    version 4
  • accepted 2013-04-29T04:20:38.577-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
    family unix
    id oval:org.mitre.oval:def:9608
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
    version 23
packetstorm via4
data source https://packetstormsecurity.com/files/download/40211/pwnzilla.txt
id PACKETSTORM:40211
last seen 2016-12-05
published 2005-09-23
reporter SkyLined
source https://packetstormsecurity.com/files/40211/pwnzilla.txt.html
title pwnzilla.txt
redhat via4
advisories
  • rhsa
    id RHSA-2005:768
  • rhsa
    id RHSA-2005:769
  • rhsa
    id RHSA-2005:791
refmap via4
bid 14784
cert-vn VU#573857
ciac P-303
confirm
debian
  • DSA-837
  • DSA-866
  • DSA-868
fedora FLSA-2006:168375
fulldisc
  • 20050909 Mozilla Firefox "Host:" Buffer Overflow
  • 20050911 FireFox "Host:" Buffer Overflow is not just exploitable on FireFox
gentoo GLSA-200509-11
hp
  • HPSBUX01133
  • SSRT5940
mandriva MDKSA-2005:174
misc
osvdb 19255
sectrack 1014877
secunia
  • 16764
  • 16766
  • 16767
  • 17042
  • 17090
  • 17263
  • 17284
sreason 83
ubuntu USN-181-1
vupen
  • ADV-2005-1690
  • ADV-2005-1691
  • ADV-2005-1824
xf mozilla-url-bo(22207)
Last major update 17-10-2016 - 23:31
Published 09-09-2005 - 14:03
Last modified 02-05-2018 - 21:29