NVD
- Id
- 47981
- Name
- CVE-2009-0652
- Description
- The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.
- Reject
- CVSS Version
- 2
- CVSS Score
- 5.8
- Severity
- Medium
- CVSS Base Score
- 5.8
- CVSS Impact Subscore
- 4.9
- CVSS Exploit Subscore
- 8.6
- CVSS Vector
- (AV:N/AC:M/Au:N/C:N/I:P/A:P)
- Pub Date
- 2017-01-07
- Published
- 2009-02-20
- Modified Date
- 2012-01-05
- Seq
- 2009-0652