Apple Computer Inc. Affected

Notified:  February 18, 2005 Updated: March 22, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

This issue is addressed by Apple Security Update 2005-003.

KDE Desktop Environment Project Affected

Notified:  February 18, 2005 Updated: March 17, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://www.kde.org/info/security/advisory-20050316-2.txt.

Microsoft Corporation Unknown

Notified:  February 18, 2005 Updated: February 18, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Internet Explorer does not support IDN natively, but a plug-in is available from Verisign.

Mozilla Affected

Notified:  February 18, 2005 Updated: March 01, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Mozilla Firefox 1.0.1 displays Internationalized Domain Names in punycode. This can help protect against spoofing.

Opera Software Affected

Notified:  February 18, 2005 Updated: February 18, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Red Hat Software, Inc. Affected

Updated:  August 01, 2005

Status

Affected

Vendor Statement

In Red Hat Enterprise Linux 2.1 and 3 this issue affected the Mozilla browser. New mozilla packages along with our advisory are available at the URL below and by using the Red Hat Network 'up2date' tool. http://rhn.redhat.com/errata/RHSA-2005-384.html In Red Hat Enterprise Linux 4 this issue affected the Firefox and Konqeuror browsers. New kdelibs and firefox packages along with our advisory are available at the URLs below and by using the Red Hat Network 'up2date' tool. http://rhn.redhat.com/errata/RHSA-2005-176.html http://rhn.redhat.com/errata/RHSA-2005-325.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Verisign Affected

Notified:  February 18, 2005 Updated: February 18, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Verisign provides a plug-in for Internet Explorer that provides IDN support.