Launchpad CVE tracker

CVE 2005-0233

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Related bugs and status

CVE-2005-0233 (Candidate) is related to these bugs:

Bug #11652: [warty] CAN-2004-1316: DOS due to Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp

Summary				In	Importance	Status
	11652	[warty] CAN-2004-1316: DOS due to Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp		mozilla (Ubuntu)	High	Fix Released
	11652	[warty] CAN-2004-1316: DOS due to Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp		mozilla (Debian)	Unknown	Fix Released

Bug #12680: [warty] IDN support allows domain name spoofing

Summary				In	Importance	Status
	12680	[warty] IDN support allows domain name spoofing		mozilla (Ubuntu)	High	Fix Released
	12680	[warty] IDN support allows domain name spoofing		mozilla (Debian)	Unknown	Fix Released

Bug #13406: [Warty] CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function

Summary				In	Importance	Status
	13406	[Warty] CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function		mozilla (Ubuntu)	High	Fix Released
	13406	[Warty] CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function		mozilla (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2005-0233

References