Vulnerability CVE-2005-0233

Vulnerability Name:

CVE-2005-0233 (CCN-19236)

Assigned:

2005-02-07

Published:

2005-02-07

Updated:

2022-02-28

Summary:

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Data Manipulation

References:

Source: MITRE
Type: CNA
CVE-2005-0233

Source: MITRE
Type: CNA
CVE-2005-0234

Source: MITRE
Type: CNA
CVE-2005-0235

Source: MITRE
Type: CNA
CVE-2005-0236

Source: MITRE
Type: CNA
CVE-2005-0237

Source: MITRE
Type: CNA
CVE-2005-0238

Source: MITRE
Type: CNA
CVE-2005-4678

Source: FULLDISC
Type: Broken Link, Exploit, Vendor Advisory
20050206 state of homograph attacks

Source: BUGTRAQ
Type: Mailing List
20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.

Source: CCN
Type: RHSA-2005-176
firefox security update

Source: CCN
Type: RHSA-2005-325
kdelibs security update

Source: CCN
Type: RHSA-2005-384
Mozilla security update

Source: CCN
Type: SA14162
KDE Applications IDN Spoofing Security Issue

Source: CCN
Type: SA17618
Safari Image Control Status Bar Spoofing Weakness

Source: CCN
Type: CIAC INFORMATION BULLETIN P-149
Firefox Security Update

Source: CCN
Type: CIAC INFORMATION BULLETIN P-156
Apple Security Update 2005-003

Source: CCN
Type: CIAC INFORMATION BULLETIN P-159
kdelibs Security Update

Source: CCN
Type: GLSA-200503-10
Mozilla Firefox: Various vulnerabilities

Source: GENTOO
Type: Exploit, Patch, Third Party Advisory, Vendor Advisory
GLSA-200503-10

Source: CCN
Type: GLSA-200503-30
Mozilla Suite: Multiple vulnerabilities

Source: GENTOO
Type: Exploit, Patch, Third Party Advisory, Vendor Advisory
GLSA-200503-30

Source: CCN
Type: US-CERT VU#273262
Multiple web browsers vulnerable to spoofing via Internationalized Domain Name support

Source: CONFIRM
Type: Exploit, Patch, Third Party Advisory, Vendor Advisory
http://www.mozilla.org/security/announce/mfsa2005-29.html

Source: SUSE
Type: Broken Link, Exploit, Patch, Vendor Advisory
SUSE-SA:2005:016

Source: CCN
Type: OSVDB ID: 20957
Apple Safari Image Control Title Attribute Status Bar Spoofing

Source: CCN
Type: OSVDB ID: 61029
Omniweb International Domain Name (IDN) Punycode Encoded Domain Name Spoofing

Source: CCN
Type: OSVDB ID: 61030
Opera International Domain Name (IDN) Punycode Encoded Domain Name Spoofing

Source: CCN
Type: OSVDB ID: 61031
Apple Safari International Domain Name (IDN) Punycode Encoded Domain Name Spoofing

Source: CCN
Type: OSVDB ID: 61032
Epiphany International Domain Name (IDN) Punycode Encoded Domain Name Spoofing

Source: REDHAT
Type: Broken Link
RHSA-2005:176

Source: REDHAT
Type: Broken Link
RHSA-2005:384

Source: BID
Type: Broken Link, Third Party Advisory, VDB Entry
12461

Source: CCN
Type: BID-12461
Multiple Web Browser International Domain Name Handling Site Property Spoofing Vulnerabilities

Source: CCN
Type: BID-12470
Multiple Mozilla Browser enable.IDN Setting Weakness

Source: MISC
Type: Broken Link, Exploit, Vendor Advisory
http://www.shmoo.com/idn

Source: MISC
Type: Broken Link, Exploit, Vendor Advisory
http://www.shmoo.com/idn/homograph.txt

Source: CCN
Type: USN-149-3
Ubuntu 4.10 update for Firefox vulnerabilities

Source: XF
Type: Third Party Advisory, VDB Entry
multiple-browsers-idn-spoof(19236)

Source: XF
Type: UNKNOWN
multiple-browsers-idn-spoof(19236)

Source: OVAL
Type: Tool Signature
oval:org.mitre.oval:def:100029

Source: OVAL
Type: Tool Signature
oval:org.mitre.oval:def:11229

Source: SUSE
Type: SUSE-SA:2005:016
Mozilla Firefox: remote code execution

Source: SUSE
Type: SUSE-SA:2005:022
kdelibs3: various KDE security problems

Source: SUSE
Type: SUSE-SA:2005:031
Opera: various problems

Vulnerable Configuration:

Configuration 1:

cpe:/a:mozilla:camino:0.8.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:mozilla:*:*:*:*:*:*:*:* (Version < 1.7.6)

OR cpe:/a:omnigroup:omniweb:5:*:*:*:*:*:*:*

OR cpe:/a:opera:opera_browser:*:*:*:*:*:*:*:* (Version <= 7.54)

OR cpe:/a:opera_software:opera_web_browser:7.54:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mozilla:mozilla:1.6:*:*:*:*:*:*:*

OR cpe:/a:netscape:navigator:7.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*

OR cpe:/a:kde:konqueror:3.2.2:*:*:*:*:*:*:*

OR cpe:/a:omnigroup:omniweb:5.1:563.34:*:*:*:*:*:*

OR cpe:/a:apple:safari:1.2.5:*:*:*:*:*:*:*

OR cpe:/a:gnome:epiphany:*:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20050233	V	CVE-2005-0233	2015-11-16
oval:org.mitre.oval:def:11229	V	The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.	2013-04-29
oval:org.mitre.oval:def:100029	V	Mozilla IDN Homograph Spoofing Vulnerability	2007-05-09
oval:com.redhat.rhsa:def:20050384	P	RHSA-2005:384: Mozilla security update (Important)	2005-04-28
oval:com.redhat.rhsa:def:20050176	P	RHSA-2005:176: firefox security update (Critical)	2005-03-01

BACK