Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2005-2871

Disclosure Date: September 09, 2005 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all “soft” hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

mozilla

Products

firefox 1.0,
firefox 1.0.1,
firefox 1.0.2,
firefox 1.0.3,
firefox 1.0.4,
firefox 1.0.5,
firefox 1.0.6,
firefox 1.5

References

Canonical

CVE-2005-2871 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2871)

BID-14784 (http://www.securityfocus.com/bid/14784)

Advisory

VU#573857 (http://www.kb.cert.org/vuls/id/573857)

DSA-868 (http://www.debian.org/security/2005/dsa-868)

ADV-2005-1824 (http://www.vupen.com/english/advisories/2005/1824)

http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html

ADV-2005-1690 (http://www.vupen.com/english/advisories/2005/1690)

SREASON-83 (http://securityreason.com/securityalert/83)

SECUNIA-16767 (http://secunia.com/advisories/16767)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1287

ADV-2005-1691 (http://www.vupen.com/english/advisories/2005/1691)

SECUNIA-16764 (http://secunia.com/advisories/16764)

DSA-837 (http://www.debian.org/security/2005/dsa-837)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A584

USN-181-1 (http://www.ubuntu.com/usn/usn-181-1)

http://www.redhat.com/support/errata/RHSA-2005-791.html

SECUNIA-17042 (http://secunia.com/advisories/17042)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9608

SECUNIA-16766 (http://secunia.com/advisories/16766)

DSA-866 (http://www.debian.org/security/2005/dsa-866)

20050911 FireFox "Host:" Buffer Overflow is not just exploitable on FireFox (http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0316.html)

http://www.redhat.com/support/errata/RHSA-2005-769.html

SECTRACK-1014877 (http://securitytracker.com/id?1014877)

http://www.mozilla.org/security/announce/mfsa2005-57.html

SECUNIA-17284 (http://secunia.com/advisories/17284)

OSVDB-19255 (http://www.osvdb.org/19255)

SECUNIA-17263 (http://secunia.com/advisories/17263)

http://www.redhat.com/support/errata/RHSA-2005-768.html

GLSA-200509-11 (http://www.gentoo.org/security/en/glsa/glsa-200509-11.xml)

https://bugzilla.mozilla.org/show_bug.cgi?id=307259

http://www.mandriva.com/security/advisories?name=MDKSA-2005:174

SECUNIA-17090 (http://secunia.com/advisories/17090)

20050909 Mozilla Firefox "Host:" Buffer Overflow (http://marc.info?l=full-disclosure&m=112624614008387&w=2)

XF-mozilla-url-bo(22207) (https://exchange.xforce.ibmcloud.com/vulnerabilities/22207)

Miscellaneous

http://www.security-protocols.com/advisory/sp-x17-advisory.txt

http://www.securiteam.com/securitynews/5RP0B0UGVW.html

P-303 (http://www.ciac.org/ciac/bulletins/p-303.shtml)

http://www.security-protocols.com/firefox-death.html

http://marc.info/?l=full-disclosure&m=112624614008387&w=2

Rapid7

Technical Analysis