
Bug 260062 (CVE-2009-0652)

Summary: <www-client/mozilla-firefox-{bin-}3.0.7 IDN URL spoofing (CVE-2009-0652)
Product: Gentoo Security
Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: minor
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: A4 [glsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-02-23 20:47:21 UTC
CVE-2009-0652 (
  Mozilla Firefox 3.0.6 does not properly prevent the literal rendering
  of homoglyph characters in IDN domain names, which allows remote
  attackers to spoof URLs and conduct phishing attacks, as demonstrated
  by homoglyphs of the / (slash) and ? (question mark) characters in a
  subdomain of a .cn domain name, a different vulnerability than

Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-03-05 23:40:26 UTC
Fixed in 3.0.7.
Ready to vote, I vote YES (together with #261386).

Comment 2 Tobias Heinlein (RETIRED) gentoo-dev 2009-06-24 16:44:42 UTC
YES too, it's already in glsamaker anyway (even drafted).

Comment 3 Nirbheek Chauhan (RETIRED) gentoo-dev 2010-09-16 13:20:56 UTC
Nothing for mozilla team to do here, none of the affected versions/packages are in-tree anymore.

Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:03:03 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at
by GLSA coordinator Sean Amoss (ackle).
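
The kind of check the CVE text in the description points at, as an added example that is not part of this bug report and not Firefox's code: decode each hostname label and flag non-ASCII characters that draw like the `/` or `?` delimiters. The lookalike table, the function names and the sample hostnames are assumptions made for illustration; the table is not the list any browser ships.

```python
import unicodedata

# Assumption: a small illustrative table of code points that draw like "/" but
# have no Unicode compatibility mapping to it. Not any browser's shipped list.
NO_MAPPING_LOOKALIKES = {
    "\u2044": "/",  # FRACTION SLASH
    "\u2215": "/",  # DIVISION SLASH
    "\u29f8": "/",  # BIG SOLIDUS
}
DELIMITERS = ("/", "?")  # the two delimiters named in the CVE text


def decode_label(label):
    """Return the Unicode form of one DNS label; 'xn--' labels carry Punycode."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed ACE label: inspect it as written
    return label


def delimiter_lookalikes(hostname):
    """List (label, code point, Unicode name, delimiter it resembles) per hit."""
    findings = []
    for label in hostname.rstrip(".").split("."):
        for ch in decode_label(label):
            if ord(ch) < 0x80:
                continue  # ASCII renders as itself; only non-ASCII can be a lookalike
            resembles = NO_MAPPING_LOOKALIKES.get(ch)
            if resembles is None:
                # Fullwidth and small forms fold to the ASCII delimiter under NFKC.
                folded = unicodedata.normalize("NFKC", ch)
                resembles = folded if folded in DELIMITERS else None
            if resembles:
                findings.append((label, "U+%04X" % ord(ch),
                                 unicodedata.name(ch, "UNNAMED"), resembles))
    return findings


if __name__ == "__main__":
    # Constructed sample: a label containing U+2044, in its ACE ("xn--") form.
    ace = "xn--" + "shop\u2044cart".encode("punycode").decode("ascii")
    for host in (ace + ".test.example", "xn--mnchen-3ya.example"):
        print(host, delimiter_lookalikes(host))
```

A hostname that yields any finding is a candidate for display in its raw `xn--` form rather than as rendered Unicode.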