
Test ID:
Title: Firefox URL Spoofing And Phishing Vulnerability (Linux)
Summary: The host is installed with the Mozilla Firefox browser and is prone to a URL spoofing and phishing vulnerability.

Vulnerability Insight:
Firefox doesn't properly prevent the literal rendering of homoglyph
characters in IDN domain names. This renders the user vulnerable to URL
spoofing and phishing attacks, as the attacker may redirect the user to a
different arbitrary malformed website.

Vulnerability Impact:
Successful remote exploitation lets the attacker spoof the URL
information by using homoglyphs of, say, the / (slash) and ? (question mark)
characters, and gain sensitive information by redirecting the user to any
malicious URL.

Affected Software/OS:
Mozilla Firefox version 3.0.6 and prior on Linux.

Upgrade to Mozilla Firefox version 3.6.3 or later.

CVSS Score:

CVSS Vector:

Cross-Ref: BugTraq ID: 33837
Common Vulnerability Exposure (CVE) ID: CVE-2009-0652
Debian Security Information: DSA-1797
Debian Security Information: DSA-1830
RedHat Security Advisories: RHSA-2009:0437
SuSE Security Announcement: SUSE-SR:2009:010
XForce ISS Database: mozilla-firefox-homoglyph-spoofing(48974)
Copyright: Copyright (C) 2009 Greenbone Networks GmbH


© 1998-2022 E-Soft Inc. All rights reserved.