CVE-2005-0234

2005-02-0705:00:00

redhat

www.cve.org

6.5 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

References

lists.apple.com/archives/security-announce/2005/Mar/msg00000.html

lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html

marc.info/?l=bugtraq&m=110782704923280&w=2

www.securityfocus.com/bid/12461

www.shmoo.com/idn

www.shmoo.com/idn/homograph.txt

exchange.xforce.ibmcloud.com/vulnerabilities/19236