The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-02-20T19:00:00
Updated: 2018-10-03T20:57:01
Reserved: 2009-02-20T00:00:00
Link: CVE-2009-0652
JSON object: View
NVD Information
Status : Modified
Published: 2009-02-20T19:30:00.250
Modified: 2018-10-03T21:58:35.520
Link: CVE-2009-0652
JSON object: View
Redhat Information
No data.
CWE