Oval Definition:	oval:org.mitre.oval:def:584
Revision Date: 2007-05-09 Version: 3 Title: Mozilla IDN heap overrun using soft-hyphens Description: Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2005-2871 Platform(s): Microsoft Windows 2000 Microsoft Windows NT Microsoft Windows Server 2003 Microsoft Windows XP Product(s): mozilla Definition Synopsis Mozilla Suite version 1.7.10 or earlier is installed Mozilla Suite version 1.7.10 or earlier is installed AND Mozilla Suite version 1.7.10 or earlier is installed OR Mozilla Firefox version 1.0.6 or earlier is installed Firefox version 1.0.6 or earlier is installed AND Mozilla Firefox version 1.0.6 or earlier is installed
BACK