CVE-2009-1834 Information
Description
Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.
Reference
http://osvdb.org/55162
http://secunia.com/advisories/35331
http://secunia.com/advisories/35415
http://secunia.com/advisories/35431
http://secunia.com/advisories/35439
http://secunia.com/advisories/35468
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://www.debian.org/security/2009/dsa-1820
http://www.mozilla.org/security/announce/2009/mfsa2009-25.html
http://www.securityfocus.com/bid/35326
http://www.securityfocus.com/bid/35388
http://www.vupen.com/english/advisories/2009/1572
https://bugzilla.mozilla.org/show_bug.cgi?id=479413
https://bugzilla.redhat.com/show_bug.cgi?id=503573
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10436
https://rhn.redhat.com/errata/RHSA-2009-1095.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html