← voltar
CVE-2005-2871

CVE-2005-2871

EPSS 21.1%
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
Produtos afetados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/1224não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0316.htmlhttp://marc.info/?l=full-disclosure&m=112624614008387&w=2https://bugzilla.mozilla.org/show_bug.cgi?id=307259http://secunia.com/advisories/16764http://secunia.com/advisories/16766http://secunia.com/advisories/16767http://secunia.com/advisories/17042http://secunia.com/advisories/17090http://secunia.com/advisories/17263http://secunia.com/advisories/17284http://securityreason.com/securityalert/83http://securitytracker.com/id?1014877