CVE - CVE-2005-2871

CVE-ID
CVE-2005-2871	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
FULLDISC:20050909 Mozilla Firefox "Host:" Buffer Overflow URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=112624614008387&w=2 MISC:http://www.security-protocols.com/firefox-death.html MISC:http://www.security-protocols.com/advisory/sp-x17-advisory.txt FULLDISC:20050911 FireFox "Host:" Buffer Overflow is not just exploitable on FireFox URL:http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0316.html CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-57.html CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=307259 DEBIAN:DSA-837 URL:http://www.debian.org/security/2005/dsa-837 DEBIAN:DSA-868 URL:http://www.debian.org/security/2005/dsa-868 DEBIAN:DSA-866 URL:http://www.debian.org/security/2005/dsa-866 FEDORA:FLSA-2006:168375 URL:http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html GENTOO:GLSA-200509-11 URL:http://www.gentoo.org/security/en/glsa/glsa-200509-11.xml HP:HPSBUX01133 HP:SSRT5940 MANDRIVA:MDKSA-2005:174 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:174 REDHAT:RHSA-2005:768 URL:http://www.redhat.com/support/errata/RHSA-2005-768.html REDHAT:RHSA-2005:769 URL:http://www.redhat.com/support/errata/RHSA-2005-769.html REDHAT:RHSA-2005:791 URL:http://www.redhat.com/support/errata/RHSA-2005-791.html UBUNTU:USN-181-1 URL:http://www.ubuntu.com/usn/usn-181-1 CERT-VN:VU#573857 URL:http://www.kb.cert.org/vuls/id/573857 CIAC:P-303 URL:http://www.ciac.org/ciac/bulletins/p-303.shtml MISC:http://www.securiteam.com/securitynews/5RP0B0UGVW.html BID:14784 URL:http://www.securityfocus.com/bid/14784 OVAL:oval:org.mitre.oval:def:9608 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9608 VUPEN:ADV-2005-1690 URL:http://www.vupen.com/english/advisories/2005/1690 VUPEN:ADV-2005-1691 URL:http://www.vupen.com/english/advisories/2005/1691 VUPEN:ADV-2005-1824 URL:http://www.vupen.com/english/advisories/2005/1824 OSVDB:19255 URL:http://www.osvdb.org/19255 OVAL:oval:org.mitre.oval:def:1287 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1287 OVAL:oval:org.mitre.oval:def:584 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:584 SECTRACK:1014877 URL:http://securitytracker.com/id?1014877 SECUNIA:16764 URL:http://secunia.com/advisories/16764 SECUNIA:16766 URL:http://secunia.com/advisories/16766 SECUNIA:16767 URL:http://secunia.com/advisories/16767 SECUNIA:17042 URL:http://secunia.com/advisories/17042 SECUNIA:17090 URL:http://secunia.com/advisories/17090 SECUNIA:17284 URL:http://secunia.com/advisories/17284 SECUNIA:17263 URL:http://secunia.com/advisories/17263 SREASON:83 URL:http://securityreason.com/securityalert/83 XF:mozilla-url-bo(22207) URL:http://xforce.iss.net/xforce/xfdb/22207
Date Entry Created
20050909	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050909)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures List and the associated references from this Web site are subject to the Terms of Use. For more information, please email cve@mitre.org.

CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2016, The MITRE Corporation. CVE and the CVE logo are registered trademarks and CVE-Compatible is a trademark of The MITRE Corporation.

Site Map
Privacy policy
Terms of use
Contact us