CVE 2005-2871
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL:
Related bugs and status
CVE-2005-2871 (Candidate) is related to these bugs:
Bug #19866: javascript crasher
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
19866 | javascript crasher | mozilla (Ubuntu) | High | Fix Released | ||
19866 | javascript crasher | mozilla (Debian) | Unknown | Fix Released |
Bug #19904: mozilla-browser: mozilla 1.7.10 version crashes almost immediately and all other browsers that use the mozilla core crash with similar frequency
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
19904 | mozilla-browser: mozilla 1.7.10 version crashes almost immediately and all other browsers that use the mozilla core crash with similar frequency | mozilla (Ubuntu) | High | Invalid | ||
19904 | mozilla-browser: mozilla 1.7.10 version crashes almost immediately and all other browsers that use the mozilla core crash with similar frequency | mozilla (Debian) | Unknown | Fix Released |
Bug #20532: mozilla: FTBFS: change in behavior of __attribute__((unused))
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
20532 | mozilla: FTBFS: change in behavior of __attribute__((unused)) | mozilla (Ubuntu) | High | Invalid | ||
20532 | mozilla: FTBFS: change in behavior of __attribute__((unused)) | mozilla (Debian) | Unknown | Fix Released |
Bug #21268: epiphany-browser: Susceptible to mozilla-firefox "Host:" buffer overflow?
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
21268 | epiphany-browser: Susceptible to mozilla-firefox "Host:" buffer overflow? | epiphany-browser (Ubuntu) | High | Invalid | ||
21268 | epiphany-browser: Susceptible to mozilla-firefox "Host:" buffer overflow? | epiphany-browser (Debian) | Unknown | Fix Released |
Bug #21308: security issue revealed: CAN-2005-2871
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
21308 | security issue revealed: CAN-2005-2871 | mozilla (Ubuntu) | High | Fix Released | ||
21308 | security issue revealed: CAN-2005-2871 | mozilla (Debian) | Unknown | Fix Released |
Bug #22260: shell command execution
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
22260 | shell command execution | mozilla-thunderbird (Ubuntu) | High | Fix Released | ||
22260 | shell command execution | mozilla-thunderbird (Debian) | Unknown | Fix Released |
Bug #22261: mozilla-thunderbird --compose executes shell commands
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
22261 | mozilla-thunderbird --compose executes shell commands | mozilla-thunderbird (Ubuntu) | High | Invalid | ||
22261 | mozilla-thunderbird --compose executes shell commands | mozilla-thunderbird (Debian) | Unknown | Fix Released |
Bug #22324: mozilla: Multiple security issues fixed in 1.7.12
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
22324 | mozilla: Multiple security issues fixed in 1.7.12 | mozilla (Ubuntu) | High | Fix Released | ||
22324 | mozilla: Multiple security issues fixed in 1.7.12 | mozilla (Debian) | Unknown | Fix Released |
See the
CVE page on Mitre.org
for more details.