Vulnerability Details : CVE-2005-0233
Potential exploit
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Products affected by CVE-2005-0233
- cpe:2.3:a:opera_software:opera_web_browser:7.54:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:camino:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*
- cpe:2.3:a:omnigroup:omniweb:5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-0233
72.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-0233
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2005-0233
-
http://www.shmoo.com/idn
404 Not FoundBroken Link;Exploit;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=110782704923280&w=2
Mailing List
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029
Tool Signature
-
http://www.securityfocus.com/bid/12461
Broken Link;Third Party Advisory;VDB Entry
-
http://www.shmoo.com/idn/homograph.txt
404 Not FoundBroken Link;Exploit;Vendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229
Tool Signature
-
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
[Full-Disclosure] Mailing List CharterBroken Link;Exploit;Vendor Advisory
-
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
Exploit;Patch;Third Party Advisory;Vendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2005-384.html
Broken Link
-
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
Exploit;Patch;Third Party Advisory;Vendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2005-176.html
Broken Link
-
http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html
Broken Link;Exploit;Patch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
Third Party Advisory;VDB Entry
-
http://www.mozilla.org/security/announce/mfsa2005-29.html
Exploit;Patch;Third Party Advisory;Vendor Advisory
Jump to