Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-7838

Punycode format text in Firefox before 57.0 will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion.

Source

Severity Low

Remote Yes

Type Content spoofing

Description

Punycode format text in Firefox before 57.0 will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion.

AVG-494 firefox 56.0.2-1 57.0-1 Critical Fixed

15 Nov 2017 ASA-201711-23 AVG-494 firefox Critical multiple issues

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7838
https://bugzilla.mozilla.org/show_bug.cgi?id=1399540

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Vulmon Search

About

Products

Connect