CVE-2005-0238
Epiphany < 1.6 - Domain Spoofing via Punycode Homograph Attack
Title source: manualDescription
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
References (6)
Core 6
Core References
Broken Link, Exploit, Vendor Advisory x_refsource_misc
http://www.shmoo.com/idn/homograph.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
Exploit, Vendor Advisory mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
Broken Link, Exploit, Vendor Advisory x_refsource_misc
http://www.shmoo.com/idn
Broken Link, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12461
Scores
EPSS
0.0075
EPSS Percentile
73.3%
Details
Status
published
Products (5)
gnome/epiphany
mozilla/camino
0.8.5
mozilla/mozilla
< 1.6
omnigroup/omniweb
5
opera/opera_browser
< 7.54
Published
May 02, 2005
Tracked Since
Feb 18, 2026