Exploitation Summary
EIP tracks 1 public exploit for CVE-2005-2871. PoCs published by Skylined.
AI-analyzed exploit summary This exploit targets a heap buffer overflow vulnerability in Mozilla browsers (Firefox, Mozilla, Netscape) via IDN hostname handling. It uses heap spraying to fill memory with a nopslide and shellcode, then triggers the vulnerability to overwrite heap pointers and redirect execution to the shellcode.
Description
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Skylined · htmlremotewindows
https://www.exploit-db.com/exploits/1224
This exploit targets a heap buffer overflow vulnerability in Mozilla browsers (Firefox, Mozilla, Netscape) via IDN hostname handling. It uses heap spraying to fill memory with a nopslide and shellcode, then triggers the vulnerability to overwrite heap pointers and redirect execution to the shellcode.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Racy
Target:
Mozilla Firefox, Mozilla, Netscape (pre-patch versions)
No auth needed
Prerequisites:
Victim must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (37)
Core 37
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/573857
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-868
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/1824
Vendor Advisory vendor-advisory
x_refsource_fedora
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/1690
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/83
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16767
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1287
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/1691
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16764
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-837
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A584
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-181-1
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-791.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17042
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14784
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9608
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16766
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-866
Exploit, Vendor Advisory x_refsource_misc
http://www.security-protocols.com/advisory/sp-x17-advisory.txt
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0316.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-769.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1014877
Various Sources x_refsource_confirm
http://www.mozilla.org/security/announce/mfsa2005-57.html
Various Sources x_refsource_misc
http://www.securiteam.com/securitynews/5RP0B0UGVW.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17284
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/19255
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17263
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-768.html
Third Party Advisory, US Government Resource third-party-advisory
government-resource
x_refsource_ciac
http://www.ciac.org/ciac/bulletins/p-303.shtml
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200509-11.xml
Exploit x_refsource_misc
http://www.security-protocols.com/firefox-death.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=307259
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17090
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=112624614008387&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22207
Scores
EPSS
0.2111
EPSS Percentile
97.3%
Details
Status
published
Products (8)
mozilla/firefox
1.0
mozilla/firefox
1.0.1
mozilla/firefox
1.0.2
mozilla/firefox
1.0.3
mozilla/firefox
1.0.4
mozilla/firefox
1.0.5
mozilla/firefox
1.0.6
mozilla/firefox
1.5 beta1
Published
Sep 09, 2005
Tracked Since
Feb 18, 2026