{"api_version":"1","generated_at":"2026-04-24T18:30:14+00:00","cve":"CVE-2005-0233","urls":{"html":"https://cve.report/CVE-2005-0233","api":"https://cve.report/api/cve/CVE-2005-0233.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2005-0233","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2005-0233"},"summary":{"title":"CVE-2005-0233","description":"The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.","state":"PUBLISHED","assigner":"redhat","published_at":"2005-02-08 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-noinfo","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.redhat.com/support/errata/RHSA-2005-384.html","name":"http://www.redhat.com/support/errata/RHSA-2005-384.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Tool Signature"],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19236","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19236","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.shmoo.com/idn","name":"http://www.shmoo.com/idn","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Exploit","Vendor Advisory"],"title":"404 Not Found","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml","name":"http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory","Vendor Advisory"],"title":"Gentoo Linux Documentation\n--\n  Mozilla Firefox: Various vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Tool Signature"],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.shmoo.com/idn/homograph.txt","name":"http://www.shmoo.com/idn/homograph.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Exploit","Vendor Advisory"],"title":"404 Not Found","mime":"text/plain","httpstatus":"404","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/12461","name":"http://www.securityfocus.com/bid/12461","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"Multiple Web Browser International Domain Name Handling Site Property Spoofing Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html","name":"http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Exploit","Vendor Advisory"],"title":"[Full-Disclosure] state of homograph attacks","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2005-176.html","name":"http://www.redhat.com/support/errata/RHSA-2005-176.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html","name":"http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Exploit","Patch","Vendor Advisory"],"title":"Security Announcement","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml","name":"http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory","Vendor Advisory"],"title":"Gentoo Linux Documentation\n--\n  Mozilla Suite: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=110782704923280&w=2","name":"http://marc.info/?l=bugtraq&m=110782704923280&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"'International Domain Name [IDN] support in modern browsers allows' - MARC","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.mozilla.org/security/announce/mfsa2005-29.html","name":"http://www.mozilla.org/security/announce/mfsa2005-29.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory","Vendor Advisory"],"title":"MFSA 2005-29: Internationalized Domain Name (IDN) homograph spoofing","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2005-0233","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-0233","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2005","cve_id":"233","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"camino","cpe6":"0.8.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"233","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"233","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"mozilla","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"233","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"omnigroup","cpe5":"omniweb","cpe6":"5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"233","vulnerable":"1","versionEndIncluding":"7.54","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"opera","cpe5":"opera_browser","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"233","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"opera_software","cpe5":"opera_web_browser","cpe6":"7.54","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T21:05:25.422Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.shmoo.com/idn/homograph.txt"},{"name":"multiple-browsers-idn-spoof(19236)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"},{"name":"20050206 state of homograph attacks","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.shmoo.com/idn"},{"name":"SUSE-SA:2005:016","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html"},{"name":"oval:org.mitre.oval:def:11229","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229"},{"name":"oval:org.mitre.oval:def:100029","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029"},{"name":"RHSA-2005:176","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2005-176.html"},{"name":"RHSA-2005:384","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2005-384.html"},{"name":"GLSA-200503-30","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"},{"name":"GLSA-200503-10","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"},{"name":"20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=110782704923280&w=2"},{"name":"12461","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/12461"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.mozilla.org/security/announce/mfsa2005-29.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2005-02-06T00:00:00.000Z","descriptions":[{"lang":"en","value":"The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-10-10T00:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["x_refsource_MISC"],"url":"http://www.shmoo.com/idn/homograph.txt"},{"name":"multiple-browsers-idn-spoof(19236)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"},{"name":"20050206 state of homograph attacks","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"},{"tags":["x_refsource_MISC"],"url":"http://www.shmoo.com/idn"},{"name":"SUSE-SA:2005:016","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html"},{"name":"oval:org.mitre.oval:def:11229","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229"},{"name":"oval:org.mitre.oval:def:100029","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029"},{"name":"RHSA-2005:176","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2005-176.html"},{"name":"RHSA-2005:384","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2005-384.html"},{"name":"GLSA-200503-30","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"},{"name":"GLSA-200503-10","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"},{"name":"20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=110782704923280&w=2"},{"name":"12461","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/12461"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.mozilla.org/security/announce/mfsa2005-29.html"}]}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2005-0233","datePublished":"2005-02-07T05:00:00.000Z","dateReserved":"2005-02-07T00:00:00.000Z","dateUpdated":"2024-08-07T21:05:25.422Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2005-02-08 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-noinfo","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:camino:0.8.5:*:*:*:*:*:*:*","matchCriteriaId":"D044E602-45A5-4B14-8B16-B0978D985027"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*","matchCriteriaId":"5A545A77-2198-4685-A87F-E0F2DAECECF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*","versionEndExcluding":"1.7.6","matchCriteriaId":"E6F232DA-F897-4429-922E-F5CFF865A8AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:omnigroup:omniweb:5:*:*:*:*:*:*:*","matchCriteriaId":"ECD3E937-C813-4564-9E3C-D009D39E8A8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*","versionEndIncluding":"7.54","matchCriteriaId":"BFE75E76-E20D-47A4-9603-0AF46F733AEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:opera_software:opera_web_browser:7.54:*:*:*:*:*:*:*","matchCriteriaId":"142EB1E3-2918-4792-83D7-9D7B6A3BD26B"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2005","CveId":"233","Ordinal":"1","Title":"CVE-2005-0233","CVE":"CVE-2005-0233","Year":"2005"},"notes":[{"CveYear":"2005","CveId":"233","Ordinal":"1","NoteData":"The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.","Type":"Description","Title":"CVE-2005-0233"},{"CveYear":"2005","CveId":"233","Ordinal":"2","NoteData":"2005-02-07","Type":"Other","Title":"Published"},{"CveYear":"2005","CveId":"233","Ordinal":"3","NoteData":"2017-10-09","Type":"Other","Title":"Modified"}]}}}