Vulnerability Note VU#273262
Multiple web browsers vulnerable to spoofing via Internationalized Domain Name support
Multiple web browsers are vulnerable to spoofing attacks through the use of Internationalized Domain Names. Other applications such as email programs may also be vulnerable.
The Domain Name System
The Domain Name System (DNS) provides name, address, and other information about Internet Protocol (IP) networks and devices. DNS was designed to support domain names that use a subset of the American Standard Code for Information Interchange (ASCII) character set.
By making a malicious web site appear to be a site that the user trusts, an attacker could convince the user to provide sensitive information.
Upgrade or Patch
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer Inc.||Affected||18 Feb 2005||22 Mar 2005|
|KDE Desktop Environment Project||Affected||18 Feb 2005||17 Mar 2005|
|Mozilla||Affected||18 Feb 2005||01 Mar 2005|
|Opera Software||Affected||18 Feb 2005||18 Feb 2005|
|Red Hat Software, Inc.||Affected||-||01 Aug 2005|
|Verisign||Affected||18 Feb 2005||18 Feb 2005|
|Microsoft Corporation||Unknown||18 Feb 2005||18 Feb 2005|
CVSS Metrics (Learn More)
This vulnerability was publicly disclosed by Evgeniy Gabrilovich and Alex Gontmakher.
This document was written by Will Dormann.
- CVE IDs: CAN-2005-0234
- Date Public: 02 Feb 2002
- Date First Published: 22 Mar 2005
- Date Last Updated: 01 Aug 2005
- Severity Metric: 2.36
- Document Revision: 39
If you have feedback, comments, or additional information about this vulnerability, please send us email.