Incorrect Comparison

Overview Affected versions of this package are vulnerable to Incorrect Comparison in the process function in Idn.php, which does not necessarily treat xn-- labeled input as punycode, if it contains only ASCII. This case was overlooked in the specification until UTS 46 revision 33, when it was...

MDKSA-2005:169 : mozilla-firefox

A number of vulnerabilities have been discovered in Mozilla Firefox that have been corrected in version 1.0.7: A bug in the way Firefox processes XBM images could be used to execute arbitrary code via a specially crafted XBM image file CVE-2005-2701. A bug in the way Firefox handles certain Unico...

Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2005:174)

Updated Mozilla Thunderbird packages fix various vulnerabilities : The run-mozilla.sh script, with debugging enabled, would allow local users to create or overwrite arbitrary files via a symlink attack on temporary files CVE-2005-2353. A bug in the way Thunderbird processes XBM images could be us...

IDN heap overrun using soft-hyphens — Mozilla

Tom Ferris reported a Firefox crash when processing a domain name consisting solely of soft-hyphen characters. This is due to a heap overrun triggered when Internationalized Domain Name IDN processing results in an empty string after removing non-mapping characters such as soft-hyphens. This...