← back
CVE-2005-2871

CVE-2005-2871

EPSS 21.1%
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/1224unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0316.htmlhttp://marc.info/?l=full-disclosure&m=112624614008387&w=2https://bugzilla.mozilla.org/show_bug.cgi?id=307259http://secunia.com/advisories/16764http://secunia.com/advisories/16766http://secunia.com/advisories/16767http://secunia.com/advisories/17042http://secunia.com/advisories/17090http://secunia.com/advisories/17263http://secunia.com/advisories/17284http://securityreason.com/securityalert/83http://securitytracker.com/id?1014877