CVE-2005-0234

medium

Description

The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/19236

http://www.shmoo.com/idn/homograph.txt

http://www.securityfocus.com/bid/12461

http://marc.info/?l=bugtraq&m=110782704923280&w=2

http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html

Details

Source: Mitre, NVD

Published: 2005-05-02

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00495