CVE-2005-0233
Summary
| CVE | CVE-2005-0233 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2005-02-08 05:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. |
Risk And Classification
Primary CVSS: v2.0 7.5 from [email protected]
AV:N/AC:L/Au:N/C:P/I:P/A:P
Problem Types: NVD-CWE-noinfo | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mozilla | Camino | 0.8.5 | All | All | All |
| Application | Mozilla | Firefox | 1.0 | All | All | All |
| Application | Mozilla | Mozilla | All | All | All | All |
| Application | Omnigroup | Omniweb | 5 | All | All | All |
| Application | Opera | Opera Browser | All | All | All | All |
| Application | Opera Software | Opera Web Browser | 7.54 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| rhn.redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Broken Link |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Tool Signature |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| 404 Not Found | af854a3a-2127-422b-91ae-364da2661108 | www.shmoo.com | Broken Link, Exploit, Vendor Advisory |
| Gentoo Linux Documentation -- Mozilla Firefox: Various vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.gentoo.org | Exploit, Patch, Third Party Advisory, Vendor Advisory |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Tool Signature |
| 404 Not Found | af854a3a-2127-422b-91ae-364da2661108 | www.shmoo.com | Broken Link, Exploit, Vendor Advisory |
| Multiple Web Browser International Domain Name Handling Site Property Spoofing Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Broken Link, Third Party Advisory, VDB Entry |
| [Full-Disclosure] state of homograph attacks | af854a3a-2127-422b-91ae-364da2661108 | lists.grok.org.uk | Broken Link, Exploit, Vendor Advisory |
| rhn.redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Broken Link |
| Security Announcement | af854a3a-2127-422b-91ae-364da2661108 | www.novell.com | Broken Link, Exploit, Patch, Vendor Advisory |
| Gentoo Linux Documentation -- Mozilla Suite: Multiple vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.gentoo.org | Exploit, Patch, Third Party Advisory, Vendor Advisory |
| 'International Domain Name [IDN] support in modern browsers allows' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List |
| MFSA 2005-29: Internationalized Domain Name (IDN) homograph spoofing | af854a3a-2127-422b-91ae-364da2661108 | www.mozilla.org | Exploit, Patch, Third Party Advisory, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.