Page 48 of 261 results (0.008 seconds)

CVSS: 7.5EPSS: 93%CPEs: 6EXPL: 7

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html http://marc.info/?l=bugtraq&m=110782704923280&w=2 http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml http://www.mozilla.org/security/announce/mfsa2005-29.html http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html http://www.redhat.com/support/errata/RHSA-2005-176.html http://www.redhat.com/support/errata/ •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 3

The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html http://www.securityfocus.com/bid/12461 http://www.shmoo.com/idn http://www.shmoo.com/idn/homograph.txt https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399 https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2

The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html http://marc.info/?l=bugtraq&m=110782704923280&w=2 http://www.novell.com/linux/security/advisories/2005_31_opera.html http://www.securityfocus.com/bid/12461 http://www.shmoo.com/idn http://www.shmoo.com/idn/homograph.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code. • http://secunia.com/advisories/13818 http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml http://www.kb.cert.org/vuls/id/882926 http://www.novell.com/linux/security/advisories/2005_31_opera.html http://www.opera.com/linux/changelogs/754u2 https://exchange.xforce.ibmcloud.com/vulnerabilities/18867 •

CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 1

Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029044.html http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml http://www.opera.com/linux/changelogs/754u1 • CWE-668: Exposure of Resource to Wrong Sphere •