CVE-2005-0233
Summary
| CVE | CVE-2005-0233 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2005-02-08 05:00:00 UTC |
| Updated | 2022-02-28 17:41:00 UTC |
| Description | The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mozilla | Camino | 0.8.5 | All | All | All |
| Application | Mozilla | Camino | 0.8.5 | All | All | All |
| Application | Mozilla | Firefox | 1.0 | All | All | All |
| Application | Mozilla | Firefox | 1.0 | All | All | All |
| Application | Mozilla | Mozilla | All | All | All | All |
| Application | Mozilla | Mozilla | 0.8 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.2 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.2.1 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.3 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.35 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.4 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.4.1 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.48 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.5 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.6 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.7 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.8 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.9 | All | All | All |
| Application | Mozilla | Mozilla | 1.0 | All | All | All |
| Application | Mozilla | Mozilla | 1.0 | rc1 | All | All |
| Application | Mozilla | Mozilla | 1.0 | rc2 | All | All |
| Application | Mozilla | Mozilla | 1.0.1 | All | All | All |
| Application | Mozilla | Mozilla | 1.0.2 | All | All | All |
| Application | Mozilla | Mozilla | 1.1 | All | All | All |
| Application | Mozilla | Mozilla | 1.1 | alpha | All | All |
| Application | Mozilla | Mozilla | 1.1 | beta | All | All |
| Application | Mozilla | Mozilla | 1.2 | All | All | All |
| Application | Mozilla | Mozilla | 1.2 | alpha | All | All |
| Application | Mozilla | Mozilla | 1.2 | beta | All | All |
| Application | Mozilla | Mozilla | 1.2.1 | All | All | All |
| Application | Mozilla | Mozilla | 1.3 | All | All | All |
| Application | Mozilla | Mozilla | 1.3.1 | All | All | All |
| Application | Mozilla | Mozilla | 1.4 | All | All | All |
| Application | Mozilla | Mozilla | 1.4 | alpha | All | All |
| Application | Mozilla | Mozilla | 1.4 | beta | All | All |
| Application | Mozilla | Mozilla | 1.4.1 | All | All | All |
| Application | Mozilla | Mozilla | 1.4.2 | All | All | All |
| Application | Mozilla | Mozilla | 1.4.4 | All | All | All |
| Application | Mozilla | Mozilla | 1.5 | All | All | All |
| Application | Mozilla | Mozilla | 1.5.1 | All | All | All |
| Application | Mozilla | Mozilla | 1.6 | All | All | All |
| Application | Mozilla | Mozilla | 0.8 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.2 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.2.1 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.3 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.35 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.4 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.4.1 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.48 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.5 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.6 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.7 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.8 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.9 | All | All | All |
| Application | Mozilla | Mozilla | 1.0 | All | All | All |
| Application | Mozilla | Mozilla | 1.0 | rc1 | All | All |
| Application | Mozilla | Mozilla | 1.0 | rc2 | All | All |
| Application | Mozilla | Mozilla | 1.0.1 | All | All | All |
| Application | Mozilla | Mozilla | 1.0.2 | All | All | All |
| Application | Mozilla | Mozilla | 1.1 | All | All | All |
| Application | Mozilla | Mozilla | 1.1 | alpha | All | All |
| Application | Mozilla | Mozilla | 1.1 | beta | All | All |
| Application | Mozilla | Mozilla | 1.2 | All | All | All |
| Application | Mozilla | Mozilla | 1.2 | alpha | All | All |
| Application | Mozilla | Mozilla | 1.2 | beta | All | All |
| Application | Mozilla | Mozilla | 1.2.1 | All | All | All |
| Application | Mozilla | Mozilla | 1.3 | All | All | All |
| Application | Mozilla | Mozilla | 1.3.1 | All | All | All |
| Application | Mozilla | Mozilla | 1.4 | All | All | All |
| Application | Mozilla | Mozilla | 1.4 | alpha | All | All |
| Application | Mozilla | Mozilla | 1.4 | beta | All | All |
| Application | Mozilla | Mozilla | 1.4.1 | All | All | All |
| Application | Mozilla | Mozilla | 1.4.2 | All | All | All |
| Application | Mozilla | Mozilla | 1.4.4 | All | All | All |
| Application | Mozilla | Mozilla | 1.5 | All | All | All |
| Application | Mozilla | Mozilla | 1.5.1 | All | All | All |
| Application | Mozilla | Mozilla | 1.6 | All | All | All |
| Application | Omnigroup | Omniweb | 5 | All | All | All |
| Application | Omnigroup | Omniweb | 5 | All | All | All |
| Application | Opera | Opera Browser | All | All | All | All |
| Application | Opera Software | Opera Web Browser | 7.54 | All | All | All |
| Application | Opera Software | Opera Web Browser | 7.54 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Gentoo Linux Documentation -- Mozilla Firefox: Various vulnerabilities | GENTOO | www.gentoo.org | Exploit, Patch, Vendor Advisory |
| 404 Not Found | MISC | www.shmoo.com | Exploit, Vendor Advisory |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| rhn.redhat.com | Red Hat Support | REDHAT | www.redhat.com | |
| Gentoo Linux Documentation -- Mozilla Suite: Multiple vulnerabilities | GENTOO | www.gentoo.org | Exploit, Patch, Vendor Advisory |
| MFSA 2005-29: Internationalized Domain Name (IDN) homograph spoofing | CONFIRM | www.mozilla.org | Exploit, Patch, Vendor Advisory |
| 'International Domain Name [IDN] support in modern browsers allows' - MARC | BUGTRAQ | marc.info | |
| Multiple Web Browser International Domain Name Handling Site Property Spoofing Vulnerabilities | BID | www.securityfocus.com | |
| Security Announcement | SUSE | www.novell.com | Exploit, Patch, Vendor Advisory |
| rhn.redhat.com | Red Hat Support | REDHAT | www.redhat.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| [Full-Disclosure] state of homograph attacks | FULLDISC | lists.grok.org.uk | Exploit, Vendor Advisory |
| 404 Not Found | MISC | www.shmoo.com | Exploit, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.