CVE-2005-2871

Name	CVE-2005-2871
Description	Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-837-1, DSA-866-1, DSA-868-1
Debian Bugs	327366, 327452, 327455, 327802

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
mozilla	source	woody	(unfixed)		DSA-866-1
mozilla	source	sarge	1:1.7.8-1sarge3		DSA-866-1
mozilla	source	(unstable)	2:1.7.12-1	medium		327455
mozilla-firefox	source	sarge	1.0.4-2sarge4	medium	DSA-837-1	327452
mozilla-firefox	source	(unstable)	1.0.6-5	medium		327366, 327452, 327802
mozilla-thunderbird	source	sarge	1.0.2-2.sarge1.0.7		DSA-868-1
mozilla-thunderbird	source	(unstable)	1.0.7-1

Notes

epiphany-browser is apparently fixed fix the mozilla
upload; see bug #327366