CVE-2005-2871

Mozilla Firefox <1.0.6 - Buffer Overflow

Title source: llm

Description

Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Skylined · html · remote · windows
https://www.exploit-db.com/exploits/1224

Scores

EPSS 0.5158
EPSS Percentile 97.9%

Details

Status published
Products (8)
mozilla/firefox 1.0
mozilla/firefox 1.0.1
mozilla/firefox 1.0.2
mozilla/firefox 1.0.3
mozilla/firefox 1.0.4
mozilla/firefox 1.0.5
mozilla/firefox 1.0.6
mozilla/firefox 1.5 beta1
Published Sep 09, 2005
Tracked Since Feb 18, 2026