Описание
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2005-2871
- https://bugzilla.mozilla.org/show_bug.cgi?id=307259
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22207
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1287
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A584
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9608
- http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0316.html
- http://marc.info/?l=full-disclosure&m=112624614008387&w=2
- http://secunia.com/advisories/16764
- http://secunia.com/advisories/16766
- http://secunia.com/advisories/16767
- http://secunia.com/advisories/17042
- http://secunia.com/advisories/17090
- http://secunia.com/advisories/17263
- http://secunia.com/advisories/17284
- http://securityreason.com/securityalert/83
- http://securitytracker.com/id?1014877
- http://www.ciac.org/ciac/bulletins/p-303.shtml
- http://www.debian.org/security/2005/dsa-837
- http://www.debian.org/security/2005/dsa-866
- http://www.debian.org/security/2005/dsa-868
- http://www.gentoo.org/security/en/glsa/glsa-200509-11.xml
- http://www.kb.cert.org/vuls/id/573857
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
- http://www.mozilla.org/security/announce/mfsa2005-57.html
- http://www.osvdb.org/19255
- http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
- http://www.redhat.com/support/errata/RHSA-2005-768.html
- http://www.redhat.com/support/errata/RHSA-2005-769.html
- http://www.redhat.com/support/errata/RHSA-2005-791.html
- http://www.securiteam.com/securitynews/5RP0B0UGVW.html
- http://www.security-protocols.com/advisory/sp-x17-advisory.txt
- http://www.security-protocols.com/firefox-death.html
- http://www.securityfocus.com/bid/14784
- http://www.ubuntu.com/usn/usn-181-1
- http://www.vupen.com/english/advisories/2005/1690
- http://www.vupen.com/english/advisories/2005/1691
- http://www.vupen.com/english/advisories/2005/1824
EPSS
CVE ID
Связанные уязвимости
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
Buffer overflow in the International Domain Name (IDN) support in Mozi ...
EPSS