New Search

Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace as demonstrated by the \u115A through \u115E characters.

oval:org.mitre.oval:def:10436

Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace as demonstrated by the \u115A through \u115E characters.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Oracle Linux 4
  • Oracle Linux 5
  • Red Hat Enterprise Linux 4
  • CentOS Linux 4
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2009-1834
Product(s):