Definition

Mozilla IDN heap overrun using soft-hyphens

oval:org.mitre.oval:def:1287

Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier and Netscape 8.0.3.3 and 7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD) which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.

Family:

unix

Status:

ACCEPTED

Platform(s):

HP-UX 11

Class:

vulnerability

Reference(s):

CVE-2005-2871

Product(s):

mozilla