FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-2871

This CVE name corresponds to:

Entered     Topic
2005-09-10  firefox & mozilla -- buffer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2005-2871
Phase  Assigned (20050909)

Description

Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.

References

Source Reference
FULLDISC 20050909 Mozilla Firefox "Host:" Buffer Overflow
MISC http://www.security-protocols.com/firefox-death.html
MISC http://www.security-protocols.com/advisory/sp-x17-advisory.txt
FULLDISC 20050911 FireFox "Host:" Buffer Overflow is not just exploitable on FireFox
CONFIRM http://www.mozilla.org/security/announce/mfsa2005-57.html
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=307259
DEBIAN DSA-837
DEBIAN DSA-868
DEBIAN DSA-866
FEDORA FLSA-2006:168375
GENTOO GLSA-200509-11
HP HPSBUX01133
HP SSRT5940
MANDRIVA MDKSA-2005:174
REDHAT RHSA-2005:768
REDHAT RHSA-2005:769
REDHAT RHSA-2005:791
UBUNTU USN-181-1
CERT-VN VU#573857
CIAC P-303
MISC http://www.securiteam.com/securitynews/5RP0B0UGVW.html
BID 14784
OVAL oval:org.mitre.oval:def:9608
VUPEN ADV-2005-1690
VUPEN ADV-2005-1691
VUPEN ADV-2005-1824
OSVDB 19255
OVAL oval:org.mitre.oval:def:1287
OVAL oval:org.mitre.oval:def:584
SECTRACK 1014877
SECUNIA 16764
SECUNIA 16766
SECUNIA 16767
SECUNIA 17042
SECUNIA 17090
SECUNIA 17284
SECUNIA 17263
SREASON 83
XF mozilla-url-bo(22207)