Vulnerability Name:

CVE-2005-2871 (CCN-22207)

Assigned:2005-09-09
Published:2005-09-09
Updated:2018-05-03
Summary:Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Full-Disclosure Mailing List: Fri Sep 09 2005 - 01:09:51 CDT
Mozilla Firefox "Host:" Buffer Overflow

Source: FULLDISC
Type: UNKNOWN
20050911 FireFox "Host:" Buffer Overflow is not just exploitable on FireFox

Source: CCN
Type: Netscape Web site
The All New Netscape Browser 8.0

Source: MITRE
Type: CNA
CVE-2005-2871

Source: FULLDISC
Type: UNKNOWN
20050909 Mozilla Firefox "Host:" Buffer Overflow

Source: CCN
Type: RHSA-2005-768
firefox security update

Source: CCN
Type: RHSA-2005-769
mozilla security update

Source: CCN
Type: RHSA-2005-791
thunderbird security update

Source: CCN
Type: SA16764
Firefox IDN URL Domain Name Buffer Overflow

Source: SECUNIA
Type: UNKNOWN
16764

Source: CCN
Type: SA16766
Netscape IDN URL Domain Name Buffer Overflow

Source: SECUNIA
Type: UNKNOWN
16766

Source: CCN
Type: SA16767
Mozilla IDN URL Domain Name Buffer Overflow

Source: SECUNIA
Type: UNKNOWN
16767

Source: SECUNIA
Type: UNKNOWN
17042

Source: SECUNIA
Type: UNKNOWN
17090

Source: SECUNIA
Type: UNKNOWN
17263

Source: SECUNIA
Type: UNKNOWN
17284

Source: SREASON
Type: UNKNOWN
83

Source: CCN
Type: SECTRACK ID: 1014877
Mozilla Firefox Buffer Overflow in Processing Hostnames May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1014877

Source: CCN
Type: CIAC INFORMATION BULLETIN P-303
Firefox and Mozilla Buffer Overflow Vulnerability

Source: CIAC
Type: UNKNOWN
P-303

Source: DEBIAN
Type: UNKNOWN
DSA-837

Source: DEBIAN
Type: UNKNOWN
DSA-866

Source: DEBIAN
Type: UNKNOWN
DSA-868

Source: DEBIAN
Type: DSA-837
mozilla-firefox -- buffer overflow

Source: DEBIAN
Type: DSA-866
mozilla -- several vulnerabilities

Source: DEBIAN
Type: DSA-868
mozilla-thunderbird -- several vulnerabilities

Source: CCN
Type: GLSA-200509-11
Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200509-11

Source: CCN
Type: US-CERT VU#573857
Mozilla-based browsers contain a buffer overflow in handling URIs containing a malformed IDN hostname

Source: CERT-VN
Type: US Government Resource
VU#573857

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:174

Source: CCN
Type: Mozilla Firefox Download Web page
Firefox - Rediscover the web

Source: CCN
Type: Mozilla Suite Web page
Mozilla Suite- The All-in-One Internet Application Suite

Source: CCN
Type: MFSA 2005-57
IDN heap overrun using soft-hyphens

Source: CONFIRM
Type: UNKNOWN
http://www.mozilla.org/security/announce/mfsa2005-57.html

Source: OSVDB
Type: UNKNOWN
19255

Source: CCN
Type: OSVDB ID: 19255
Mozilla Multiple Browser International Domain Name (IDN) URL Domain Name Overflow

Source: FEDORA
Type: UNKNOWN
FLSA-2006:168375

Source: REDHAT
Type: UNKNOWN
RHSA-2005:768

Source: REDHAT
Type: UNKNOWN
RHSA-2005:769

Source: REDHAT
Type: UNKNOWN
RHSA-2005:791

Source: MISC
Type: UNKNOWN
http://www.securiteam.com/securitynews/5RP0B0UGVW.html

Source: MISC
Type: Exploit, Vendor Advisory
http://www.security-protocols.com/advisory/sp-x17-advisory.txt

Source: MISC
Type: Exploit
http://www.security-protocols.com/firefox-death.html

Source: BID
Type: UNKNOWN
14784

Source: CCN
Type: BID-14784
Mozilla/Netscape/Firefox Browsers Domain Name Remote Buffer Overflow Vulnerability

Source: CCN
Type: USN-181-1
Mozilla products vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-181-1

Source: VUPEN
Type: UNKNOWN
ADV-2005-1690

Source: VUPEN
Type: UNKNOWN
ADV-2005-1691

Source: VUPEN
Type: UNKNOWN
ADV-2005-1824

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=307259

Source: XF
Type: UNKNOWN
mozilla-url-bo(22207)

Source: XF
Type: UNKNOWN
mozilla-url-bo(22207)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1287

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:584

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9608

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:netscape:navigator:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • OR cpe:/a:netscape:navigator:8.0.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20052871
    V
    CVE-2005-2871
    2015-11-16
    oval:org.mitre.oval:def:9608
    V
    Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
    2013-04-29
    oval:org.mitre.oval:def:584
    V
    Mozilla IDN heap overrun using soft-hyphens
    2007-05-09
    oval:org.mitre.oval:def:1287
    V
    Mozilla IDN heap overrun using soft-hyphens
    2006-02-01
    oval:org.debian:def:866
    V
    several vulnerabilities
    2005-10-20
    oval:org.debian:def:868
    V
    several vulnerabilities
    2005-10-20
    oval:com.redhat.rhsa:def:20050791
    P
    RHSA-2005:791: thunderbird security update (Important)
    2005-10-06
    oval:org.debian:def:837
    V
    buffer overflow
    2005-10-02
    oval:com.redhat.rhsa:def:20050769
    P
    RHSA-2005:769: mozilla security update (Critical)
    2005-09-10
    oval:com.redhat.rhsa:def:20050768
    P
    RHSA-2005:768: firefox security update (Critical)
    2005-09-09
    BACK
    mozilla firefox 1.0
    mozilla firefox 1.0.1
    mozilla firefox 1.0.2
    mozilla firefox 1.0.3
    mozilla firefox 1.0.4
    mozilla firefox 1.0.5
    mozilla firefox 1.0.6
    mozilla firefox 1.5 beta1
    netscape navigator 7.2
    mozilla firefox 1.0
    mozilla firefox 1.0.1
    mozilla firefox 1.0.2
    mozilla firefox 1.0.3
    mozilla firefox 1.0.4
    mozilla firefox 1.0.6
    mozilla firefox 1.5 beta1
    netscape navigator 8.0.3.3
    mozilla mozilla suite 1.7.11
    mozilla firefox 1.0.5
    gentoo linux *
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0