New Search

The International Domain Name (IDN) support in Firefox 1.0 Camino .8.5 and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets which facilitates phishing attacks.

oval:org.mitre.oval:def:9650

FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar a variant of CVE-2005-0527 aka "Firescrolling 2."

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 3
  • Red Hat Enterprise Linux 4
  • Oracle Linux 4
  • Red Hat Enterprise Linux 3
  • CentOS Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2005-0401
Product(s):