7.5

CVE-2005-2871

Exploit

EPSS 51.6%
Published 09.09.2005 18:03:00
Last modified 03.04.2025 01:03:51
Source secalert@redhat.com
Teams watchlist Login
Open Login

Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.

Affected products Warnungen 0 Metrics 2 CWE 0 References 40

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version1.0

Mozilla ≫ Firefox Version1.0.1

Mozilla ≫ Firefox Version1.0.2

Mozilla ≫ Firefox Version1.0.3

Mozilla ≫ Firefox Version1.0.4

Mozilla ≫ Firefox Version1.0.5

Mozilla ≫ Firefox Version1.0.6

Mozilla ≫ Firefox Version1.5 Updatebeta1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	51.6%	0.976

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.mandriva.com/security/advisories?name=MDKSA-2005:174

http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0316.html

http://marc.info/?l=full-disclosure&m=112624614008387&w=2

http://secunia.com/advisories/16764

http://secunia.com/advisories/16766

http://secunia.com/advisories/16767

http://secunia.com/advisories/17042

http://secunia.com/advisories/17090

http://secunia.com/advisories/17263

http://secunia.com/advisories/17284

http://securityreason.com/securityalert/83

http://securitytracker.com/id?1014877

http://www.ciac.org/ciac/bulletins/p-303.shtml

http://www.debian.org/security/2005/dsa-837

http://www.debian.org/security/2005/dsa-866

http://www.debian.org/security/2005/dsa-868

http://www.gentoo.org/security/en/glsa/glsa-200509-11.xml

http://www.kb.cert.org/vuls/id/573857

US Government Resource

http://www.mozilla.org/security/announce/mfsa2005-57.html

http://www.osvdb.org/19255

http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html

http://www.redhat.com/support/errata/RHSA-2005-768.html

http://www.redhat.com/support/errata/RHSA-2005-769.html

http://www.redhat.com/support/errata/RHSA-2005-791.html

http://www.securiteam.com/securitynews/5RP0B0UGVW.html

http://www.security-protocols.com/advisory/sp-x17-advisory.txt

Vendor Advisory

Exploit

http://www.security-protocols.com/firefox-death.html

Exploit

http://www.securityfocus.com/bid/14784

http://www.ubuntu.com/usn/usn-181-1

http://www.vupen.com/english/advisories/2005/1690

http://www.vupen.com/english/advisories/2005/1691

http://www.vupen.com/english/advisories/2005/1824

https://bugzilla.mozilla.org/show_bug.cgi?id=307259

https://exchange.xforce.ibmcloud.com/vulnerabilities/22207

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1287

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A584

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9608

https://nvd.nist.gov/vuln/detail/CVE-2005-2871

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-2871

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-2871

EUVD