CVE - CVE-2005-2871

CVE-ID
CVE-2005-2871	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:14784 URL:http://www.securityfocus.com/bid/14784 CERT-VN:VU#573857 URL:http://www.kb.cert.org/vuls/id/573857 CIAC:P-303 URL:http://www.ciac.org/ciac/bulletins/p-303.shtml CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-57.html CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=307259 DEBIAN:DSA-837 URL:http://www.debian.org/security/2005/dsa-837 DEBIAN:DSA-866 URL:http://www.debian.org/security/2005/dsa-866 DEBIAN:DSA-868 URL:http://www.debian.org/security/2005/dsa-868 FEDORA:FLSA-2006:168375 URL:http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html FULLDISC:20050909 Mozilla Firefox "Host:" Buffer Overflow URL:http://marc.info/?l=full-disclosure&m=112624614008387&w=2 FULLDISC:20050911 FireFox "Host:" Buffer Overflow is not just exploitable on FireFox URL:http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0316.html GENTOO:GLSA-200509-11 URL:http://www.gentoo.org/security/en/glsa/glsa-200509-11.xml HP:HPSBUX01133 HP:SSRT5940 MANDRIVA:MDKSA-2005:174 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:174 MISC:http://www.securiteam.com/securitynews/5RP0B0UGVW.html MISC:http://www.security-protocols.com/advisory/sp-x17-advisory.txt MISC:http://www.security-protocols.com/firefox-death.html OSVDB:19255 URL:http://www.osvdb.org/19255 OVAL:oval:org.mitre.oval:def:1287 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1287 OVAL:oval:org.mitre.oval:def:584 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A584 OVAL:oval:org.mitre.oval:def:9608 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9608 REDHAT:RHSA-2005:768 URL:http://www.redhat.com/support/errata/RHSA-2005-768.html REDHAT:RHSA-2005:769 URL:http://www.redhat.com/support/errata/RHSA-2005-769.html REDHAT:RHSA-2005:791 URL:http://www.redhat.com/support/errata/RHSA-2005-791.html SECTRACK:1014877 URL:http://securitytracker.com/id?1014877 SECUNIA:16764 URL:http://secunia.com/advisories/16764 SECUNIA:16766 URL:http://secunia.com/advisories/16766 SECUNIA:16767 URL:http://secunia.com/advisories/16767 SECUNIA:17042 URL:http://secunia.com/advisories/17042 SECUNIA:17090 URL:http://secunia.com/advisories/17090 SECUNIA:17263 URL:http://secunia.com/advisories/17263 SECUNIA:17284 URL:http://secunia.com/advisories/17284 SREASON:83 URL:http://securityreason.com/securityalert/83 UBUNTU:USN-181-1 URL:http://www.ubuntu.com/usn/usn-181-1 VUPEN:ADV-2005-1690 URL:http://www.vupen.com/english/advisories/2005/1690 VUPEN:ADV-2005-1691 URL:http://www.vupen.com/english/advisories/2005/1691 VUPEN:ADV-2005-1824 URL:http://www.vupen.com/english/advisories/2005/1824 XF:mozilla-url-bo(22207) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/22207
Assigning CNA
Red Hat, Inc.
Date Entry Created
20050909	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050909)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org