CVE-2009-0652 (retired)

Priority
Description
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6
and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey
before 1.1.15 does not include box-drawing characters, which allows remote
attackers to spoof URLs and conduct phishing attacks, as demonstrated by
homoglyphs of the / (slash) and ? (question mark) characters in a subdomain
of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE:
some third parties claim that 3.0.6 is not affected, but much older
versions perhaps are affected.
Notes
jdstrandCVEs in Firefox are tracked in the xulrunner source packages. The
mapping of xulrunner sources to firefox is:
xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS
xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS
xulrunner-1.9: firefox-3.0
xulrunner-1.9.1: firefox-3.5
Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not
the system xulrunner-1.9.2, so it is tracked in the firefox source package.
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:released (1.1.15)
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-10-09 07:14:58 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)