Launchpad CVE tracker

CVE 2005-0592

Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.

Related bugs and status

CVE-2005-0592 (Candidate) is related to these bugs:

Bug #12680: [warty] IDN support allows domain name spoofing

Summary				In	Importance	Status
	12680	[warty] IDN support allows domain name spoofing		mozilla (Ubuntu)	High	Fix Released
	12680	[warty] IDN support allows domain name spoofing		mozilla (Debian)	Unknown	Fix Released

Bug #13406: [Warty] CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function

Summary				In	Importance	Status
	13406	[Warty] CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function		mozilla (Ubuntu)	High	Fix Released
	13406	[Warty] CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function		mozilla (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2005-0592

References