CVE-2005-2871

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 1.0.6 and earlier Netscape versions 8.0.3.3 and 7.2

Description A buffer overflow issue exists in the International Domain Name (IDN) support, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD). This is due to improper handling by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec().

Recommendations For Mozilla Firefox versions 1.0.6 and earlier, update to a version later than 1.0.6 to resolve the issue. For Netscape versions 8.0.3.3 and 7.2, update to a version later than 8.0.3.3 and 7.2 to resolve the issue.