CVE 2005-2871
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL:
Related bugs and status
CVE-2005-2871 (Candidate) is related to these bugs:
Bug #19866: javascript crasher
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 19866 | javascript crasher | mozilla (Ubuntu) | High | Fix Released | ||
| 19866 | javascript crasher | mozilla (Debian) | Unknown | Fix Released | ||
Bug #19904: mozilla-browser: mozilla 1.7.10 version crashes almost immediately and all other browsers that use the mozilla core crash with similar frequency
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 19904 | mozilla-browser: mozilla 1.7.10 version crashes almost immediately and all other browsers that use the mozilla core crash with similar frequency | mozilla (Ubuntu) | High | Invalid | ||
| 19904 | mozilla-browser: mozilla 1.7.10 version crashes almost immediately and all other browsers that use the mozilla core crash with similar frequency | mozilla (Debian) | Unknown | Fix Released | ||
Bug #20532: mozilla: FTBFS: change in behavior of __attribute__((unused))
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 20532 | mozilla: FTBFS: change in behavior of __attribute__((unused)) | mozilla (Ubuntu) | High | Invalid | ||
| 20532 | mozilla: FTBFS: change in behavior of __attribute__((unused)) | mozilla (Debian) | Unknown | Fix Released | ||
Bug #21268: epiphany-browser: Susceptible to mozilla-firefox "Host:" buffer overflow?
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 21268 | epiphany-browser: Susceptible to mozilla-firefox "Host:" buffer overflow? | epiphany-browser (Ubuntu) | High | Invalid | ||
| 21268 | epiphany-browser: Susceptible to mozilla-firefox "Host:" buffer overflow? | epiphany-browser (Debian) | Unknown | Fix Released | ||
Bug #21308: security issue revealed: CAN-2005-2871
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 21308 | security issue revealed: CAN-2005-2871 | mozilla (Ubuntu) | High | Fix Released | ||
| 21308 | security issue revealed: CAN-2005-2871 | mozilla (Debian) | Unknown | Fix Released | ||
Bug #22260: shell command execution
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 22260 | shell command execution | mozilla-thunderbird (Ubuntu) | High | Fix Released | ||
| 22260 | shell command execution | mozilla-thunderbird (Debian) | Unknown | Fix Released | ||
Bug #22261: mozilla-thunderbird --compose executes shell commands
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 22261 | mozilla-thunderbird --compose executes shell commands | mozilla-thunderbird (Ubuntu) | High | Invalid | ||
| 22261 | mozilla-thunderbird --compose executes shell commands | mozilla-thunderbird (Debian) | Unknown | Fix Released | ||
Bug #22324: mozilla: Multiple security issues fixed in 1.7.12
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 22324 | mozilla: Multiple security issues fixed in 1.7.12 | mozilla (Ubuntu) | High | Fix Released | ||
| 22324 | mozilla: Multiple security issues fixed in 1.7.12 | mozilla (Debian) | Unknown | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
