|Description||Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 126.96.36.199 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|References||DSA-837-1, DSA-866-1, DSA-868-1|
|NVD severity||high (attack range: remote)|
|Debian Bugs||327366, 327452, 327455, 327802|
The information below is based on the following data on fixed versions.
epiphany-browser is apparently fixed fix the mozilla
upload; see bug #327366