CVE - CVE-2009-0652

CVE-ID
CVE-2009-0652	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:33837 URL:http://www.securityfocus.com/bid/33837 CONFIRM:http://www.mozilla.org/security/announce/2009/mfsa2009-15.html DEBIAN:DSA-1797 URL:http://www.debian.org/security/2009/dsa-1797 DEBIAN:DSA-1830 URL:http://www.debian.org/security/2009/dsa-1830 FEDORA:FEDORA-2009-3875 URL:https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html MANDRIVA:MDVSA-2009:111 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:111~~ (Obsolete source) MISC:http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike MISC:https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf MLIST:[dailydave] 20090219 SSL MITM fun. URL:http://lists.immunitysec.com/pipermail/dailydave/2009-February/005556.html MLIST:[dailydave] 20090220 SSL MITM fun. URL:http://lists.immunitysec.com/pipermail/dailydave/2009-February/005563.html OVAL:oval:org.mitre.oval:def:11396 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11396 REDHAT:RHSA-2009:0436 URL:http://www.redhat.com/support/errata/RHSA-2009-0436.html REDHAT:RHSA-2009:0437 URL:http://rhn.redhat.com/errata/RHSA-2009-0437.html SECUNIA:34096 URL:http://secunia.com/advisories/34096 SECUNIA:34843 URL:http://secunia.com/advisories/34843 SECUNIA:34844 URL:http://secunia.com/advisories/34844 SECUNIA:34894 URL:http://secunia.com/advisories/34894 SECUNIA:35042 URL:http://secunia.com/advisories/35042 SECUNIA:35065 URL:http://secunia.com/advisories/35065 SUSE:SUSE-SR:2009:010 URL:http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html UBUNTU:USN-764-1 URL:https://usn.ubuntu.com/764-1/ VUPEN:ADV-2009-1125 URL:~~http://www.vupen.com/english/advisories/2009/1125~~ (Obsolete source) XF:mozilla-firefox-homoglyph-spoofing(48974) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/48974
Assigning CNA
MITRE Corporation
Date Record Created
20090220	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090220)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)