Lucene search

K

[email protected]CVE-2005-2871

HistorySep 09, 2005 - 6:03 p.m.

CVE-2005-2871

2005-09-0918:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

61

cve-2005-2871

buffer overflow

mozilla firefox

netscape

international domain name (idn)

remote attack

denial of service

arbitrary code execution

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.964 High

EPSS

Percentile

99.6%

Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all “soft” hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq1.0.2
mozilla:firefoxmozilla firefoxeq1.5
mozilla:firefoxmozilla firefoxeq1.0.4
mozilla:firefoxmozilla firefoxeq1.0
mozilla:firefoxmozilla firefoxeq1.0.1
mozilla:firefoxmozilla firefoxeq1.0.3
mozilla:firefoxmozilla firefoxeq1.0.5
mozilla:firefoxmozilla firefoxeq1.0.6

References

archives.neohapsis.com/archives/fulldisclosure/2005-09/0316.html

marc.info/?l=full-disclosure&m=112624614008387&w=2

secunia.com/advisories/16764

secunia.com/advisories/16766

secunia.com/advisories/16767

secunia.com/advisories/17042

secunia.com/advisories/17090

secunia.com/advisories/17263

secunia.com/advisories/17284

securityreason.com/securityalert/83

securitytracker.com/id?1014877

www.ciac.org/ciac/bulletins/p-303.shtml

www.debian.org/security/2005/dsa-837

www.debian.org/security/2005/dsa-866

www.debian.org/security/2005/dsa-868

www.gentoo.org/security/en/glsa/glsa-200509-11.xml

www.kb.cert.org/vuls/id/573857

www.mandriva.com/security/advisories?name=MDKSA-2005:174

www.mozilla.org/security/announce/mfsa2005-57.html

www.osvdb.org/19255

www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html

www.redhat.com/support/errata/RHSA-2005-768.html

www.redhat.com/support/errata/RHSA-2005-769.html

www.redhat.com/support/errata/RHSA-2005-791.html

www.securiteam.com/securitynews/5RP0B0UGVW.html

www.security-protocols.com/advisory/sp-x17-advisory.txt

www.security-protocols.com/firefox-death.html

www.securityfocus.com/bid/14784

www.ubuntu.com/usn/usn-181-1

www.vupen.com/english/advisories/2005/1690

www.vupen.com/english/advisories/2005/1691

www.vupen.com/english/advisories/2005/1824

bugzilla.mozilla.org/show_bug.cgi?id=307259

exchange.xforce.ibmcloud.com/vulnerabilities/22207

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1287

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A584

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9608

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.964 High

EPSS

Percentile

99.6%

Related for CVE-2005-2871

checkpoint_advisories2 nessus23 centos4 ubuntu1 openvas13 debian6 redhat3 packetstorm1 osv3 cert1 freebsd1 ubuntucve1 gentoo1