Описание
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2009-0652
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48974
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11396
- https://usn.ubuntu.com/764-1
- https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
- http://lists.immunitysec.com/pipermail/dailydave/2009-February/005556.html
- http://lists.immunitysec.com/pipermail/dailydave/2009-February/005563.html
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
- http://rhn.redhat.com/errata/RHSA-2009-0437.html
- http://secunia.com/advisories/34096
- http://secunia.com/advisories/34843
- http://secunia.com/advisories/34844
- http://secunia.com/advisories/34894
- http://secunia.com/advisories/35042
- http://secunia.com/advisories/35065
- http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike
- http://www.debian.org/security/2009/dsa-1797
- http://www.debian.org/security/2009/dsa-1830
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
- http://www.mozilla.org/security/announce/2009/mfsa2009-15.html
- http://www.redhat.com/support/errata/RHSA-2009-0436.html
- http://www.securityfocus.com/bid/33837
- http://www.vupen.com/english/advisories/2009/1125
EPSS
CVE ID
Связанные уязвимости
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox ...
EPSS