4 matches found
golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...
EUVD-2026-31449
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...
SUSE CVE-2004-0902
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service application crash or execute arbitrary code via 1 the "Send page" functionality, 2 certain responses from a...
Mozilla Browser 1.7.x - Non-ASCII Hostname Heap Overflow
Mozilla Browser 1.7.x - Non-ASCII Hostname Heap Overflow source: https://www.securityfocus.com/bid/11169/info Mozilla is prone to a remotely exploitable heap overflow that is exposed when the browser handles non-ASCII characters in URIs. This issue could be exploited by enticing a user to open a...