Buffer Overflow Vulnerability in IDN Support in Mozilla Firefox and Netscape

Buffer Overflow Vulnerability in IDN Support in Mozilla Firefox and Netscape

CVE-2005-2871 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.

Learn more about our Cis Benchmark Audit For Mozilla Firefox.