Уязвимость спуфинга доменных имен в реализации поддержки International Domain Name (IDN) в браузерах Firefox, Camino и Mozilla
Описание
Уязвимость в поддержке International Domain Name (IDN) в браузерах Firefox версии 1.0, Camino версии 0.8.5 и Mozilla до версии 1.7.6 позволяет злоумышленникам осуществлять спуфинг доменных имен. Злоумышленники способны использовать доменные имена в кодировке punycode, которые декодируются в URL-адресах и SSL-сертификатах с использованием гомографических символов из других наборов символов, что облегчает фишинговые атаки.
Затронутые версии ПО
- Firefox 1.0
- Camino 0.8.5
- Mozilla до версии 1.7.6
Тип уязвимости
Спуфинг доменных имен
Ссылки
- Broken LinkExploitVendor Advisory
- Mailing List
- ExploitPatchThird Party AdvisoryVendor Advisory
- ExploitPatchThird Party AdvisoryVendor Advisory
- ExploitPatchThird Party AdvisoryVendor Advisory
- Broken LinkExploitPatchVendor Advisory
- Broken Link
- Broken Link
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkExploitVendor Advisory
- Broken LinkExploitVendor Advisory
- Third Party AdvisoryVDB Entry
- Tool Signature
- Tool Signature
- Broken LinkExploitVendor Advisory
- Mailing List
- ExploitPatchThird Party AdvisoryVendor Advisory
- ExploitPatchThird Party AdvisoryVendor Advisory
- ExploitPatchThird Party AdvisoryVendor Advisory
- Broken LinkExploitPatchVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS2
Дефекты
Связанные уязвимости
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
The International Domain Name (IDN) support in Firefox 1.0, Camino .8. ...
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
EPSS
7.5 High
CVSS2