Total vulnerabilities in the database
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
| Software | From | Fixed in |
|---|---|---|
| mozilla / firefox | 1.0.2 | 1.0.2.x |
| mozilla / firefox | 1.5-beta1 | 1.5-beta1.x |
| mozilla / firefox | 1.0.4 | 1.0.4.x |
| mozilla / firefox | 1.0 | 1.0.x |
| mozilla / firefox | 1.0.1 | 1.0.1.x |
| mozilla / firefox | 1.0.3 | 1.0.3.x |
| mozilla / firefox | 1.0.5 | 1.0.5.x |
| mozilla / firefox | 1.0.6 | 1.0.6.x |