Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-7833

Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar of Firefox before 57.0. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode.

Source

Severity Medium

Remote Yes

Type Content spoofing

Description

Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar of Firefox before 57.0. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode.

AVG-494 firefox 56.0.2-1 57.0-1 Critical Fixed

15 Nov 2017 ASA-201711-23 AVG-494 firefox Critical multiple issues

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7833
https://bugzilla.mozilla.org/show_bug.cgi?id=1370497

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Vulmon Search

About

Products

Connect