Lucene search

K
mozillaMozilla FoundationMFSA2013-61
HistoryJun 25, 2013 - 12:00 a.m.

Homograph domain spoofing in .com, .net and .name — Mozilla

2013-06-2500:00:00
Mozilla Foundation
www.mozilla.org
28

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

0.004

Percentile

73.0%

Security researcher 3ric Johanson reported in discussions with Richard Newman and Holt Sorenson that Verisign’s prevention measures for homograph attacks using Internationalized Domain Names (IDN) were insufficiently rigorous, and this led to a limited possibility for domain spoofing in Firefox.

Affected configurations

Vulners
Node
mozillafirefoxRange<22
OR
mozillaseamonkeyRange<2.19
VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

0.004

Percentile

73.0%