CVE - CVE-2005-2871

CVE-ID
CVE-2005-2871	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1014877 URL:http://securitytracker.com/id?1014877 MISC:14784 URL:http://www.securityfocus.com/bid/14784 MISC:16764 URL:http://secunia.com/advisories/16764 MISC:16766 URL:http://secunia.com/advisories/16766 MISC:16767 URL:http://secunia.com/advisories/16767 MISC:17042 URL:http://secunia.com/advisories/17042 MISC:17090 URL:http://secunia.com/advisories/17090 MISC:17263 URL:http://secunia.com/advisories/17263 MISC:17284 URL:http://secunia.com/advisories/17284 MISC:19255 URL:~~http://www.osvdb.org/19255~~ (Obsolete source) MISC:20050909 Mozilla Firefox "Host:" Buffer Overflow URL:http://marc.info/?l=full-disclosure&m=112624614008387&w=2 MISC:20050911 FireFox "Host:" Buffer Overflow is not just exploitable on FireFox URL:http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0316.html MISC:83 URL:http://securityreason.com/securityalert/83 MISC:ADV-2005-1690 URL:~~http://www.vupen.com/english/advisories/2005/1690~~ (Obsolete source) MISC:ADV-2005-1691 URL:~~http://www.vupen.com/english/advisories/2005/1691~~ (Obsolete source) MISC:ADV-2005-1824 URL:~~http://www.vupen.com/english/advisories/2005/1824~~ (Obsolete source) MISC:DSA-837 URL:http://www.debian.org/security/2005/dsa-837 MISC:DSA-866 URL:http://www.debian.org/security/2005/dsa-866 MISC:DSA-868 URL:http://www.debian.org/security/2005/dsa-868 MISC:FLSA-2006:168375 URL:http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html MISC:GLSA-200509-11 URL:http://www.gentoo.org/security/en/glsa/glsa-200509-11.xml MISC:MDKSA-2005:174 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2005:174~~ (Obsolete source) MISC:P-303 URL:http://www.ciac.org/ciac/bulletins/p-303.shtml MISC:RHSA-2005:768 URL:http://www.redhat.com/support/errata/RHSA-2005-768.html MISC:RHSA-2005:769 URL:http://www.redhat.com/support/errata/RHSA-2005-769.html MISC:RHSA-2005:791 URL:http://www.redhat.com/support/errata/RHSA-2005-791.html MISC:USN-181-1 URL:http://www.ubuntu.com/usn/usn-181-1 MISC:VU#573857 URL:http://www.kb.cert.org/vuls/id/573857 MISC:http://www.mozilla.org/security/announce/mfsa2005-57.html URL:http://www.mozilla.org/security/announce/mfsa2005-57.html MISC:http://www.securiteam.com/securitynews/5RP0B0UGVW.html URL:http://www.securiteam.com/securitynews/5RP0B0UGVW.html MISC:http://www.security-protocols.com/advisory/sp-x17-advisory.txt URL:http://www.security-protocols.com/advisory/sp-x17-advisory.txt MISC:http://www.security-protocols.com/firefox-death.html URL:http://www.security-protocols.com/firefox-death.html MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=307259 URL:https://bugzilla.mozilla.org/show_bug.cgi?id=307259 MISC:mozilla-url-bo(22207) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/22207 MISC:oval:org.mitre.oval:def:1287 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1287 MISC:oval:org.mitre.oval:def:584 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A584 MISC:oval:org.mitre.oval:def:9608 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9608
Assigning CNA
Red Hat, Inc.
Date Record Created
20050909	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050909)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)