← volver
CVE-2005-2871

CVE-2005-2871

EPSS 21.1%
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
Productos afectados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/1224no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0316.htmlhttp://marc.info/?l=full-disclosure&m=112624614008387&w=2https://bugzilla.mozilla.org/show_bug.cgi?id=307259http://secunia.com/advisories/16764http://secunia.com/advisories/16766http://secunia.com/advisories/16767http://secunia.com/advisories/17042http://secunia.com/advisories/17090http://secunia.com/advisories/17263http://secunia.com/advisories/17284http://securityreason.com/securityalert/83http://securitytracker.com/id?1014877