CVE-2005-2871

Published: Sep 9, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.

Affected (8)

Products: Mozilla: Firefox

Mozilla

1 product

Firefox

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Version 1.0.1
Mozilla Firefox	Version 1.0.2
Mozilla Firefox	Version 1.0.3
Mozilla Firefox	Version 1.0.4
Mozilla Firefox	Version 1.0.5
Mozilla Firefox	Version 1.0.6
Mozilla Firefox	Version 1.0
Mozilla Firefox	Version 1.5 beta1

References (74)

http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0316.html

Source: secalert@redhat.com

http://marc.info/?l=full-disclosure&m=112624614008387&w=2

Source: secalert@redhat.com

http://secunia.com/advisories/16764

Source: secalert@redhat.com

http://secunia.com/advisories/16766

Source: secalert@redhat.com

http://secunia.com/advisories/16767

Source: secalert@redhat.com

http://secunia.com/advisories/17042

Source: secalert@redhat.com

http://secunia.com/advisories/17090

Source: secalert@redhat.com

http://secunia.com/advisories/17263

Source: secalert@redhat.com

http://secunia.com/advisories/17284

Source: secalert@redhat.com

http://securityreason.com/securityalert/83

Source: secalert@redhat.com

http://securitytracker.com/id?1014877

Source: secalert@redhat.com

http://www.ciac.org/ciac/bulletins/p-303.shtml

Source: secalert@redhat.com

http://www.debian.org/security/2005/dsa-837

Source: secalert@redhat.com

http://www.debian.org/security/2005/dsa-866

Source: secalert@redhat.com

http://www.debian.org/security/2005/dsa-868

Source: secalert@redhat.com

http://www.gentoo.org/security/en/glsa/glsa-200509-11.xml

Source: secalert@redhat.com

http://www.kb.cert.org/vuls/id/573857

Source: secalert@redhat.com

US Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2005:174

Source: secalert@redhat.com

http://www.mozilla.org/security/announce/mfsa2005-57.html

Source: secalert@redhat.com

http://www.osvdb.org/19255

Source: secalert@redhat.com

http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2005-768.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2005-769.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2005-791.html

Source: secalert@redhat.com

http://www.securiteam.com/securitynews/5RP0B0UGVW.html

Source: secalert@redhat.com

http://www.security-protocols.com/advisory/sp-x17-advisory.txt

Source: secalert@redhat.com

ExploitVendor Advisory

http://www.security-protocols.com/firefox-death.html

Source: secalert@redhat.com

Exploit

http://www.securityfocus.com/bid/14784

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-181-1

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2005/1690

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2005/1691

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2005/1824

Source: secalert@redhat.com

https://bugzilla.mozilla.org/show_bug.cgi?id=307259

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/22207

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1287

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A584

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9608

Source: secalert@redhat.com

http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0316.html