5
CVSSv2

CVE-2017-7838

Published: 11/06/2018 Updated: 25/06/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion. This vulnerability affects Firefox < 57.

Vulnerability Trend

Affected Products

Vendor Product Versions
MozillaFirefox56.0.2

Vendor Advisories

Punycode format text in Firefox before 570 will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode This could be used for limited spoofing attacks due to user con ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
USN-3477-1 caused some minor regressions in Firefox ...
USN-3477-1 caused a regression in Firefox ...
USN-3477-1 caused a regression in Firefox ...
Arch Linux Security Advisory ASA-201711-23 ========================================== Severity: Critical Date : 2017-11-15 CVE-ID : CVE-2017-7826 CVE-2017-7827 CVE-2017-7828 CVE-2017-7830 CVE-2017-7831 CVE-2017-7832 CVE-2017-7833 CVE-2017-7834 CVE-2017-7835 CVE-2017-7836 CVE-2017-7837 CVE-2017-7838 CVE-2017-7839 C ...
Security vulnerabilities fixed in Firefox 57 Announced November 14, 2017 Impact critical Products Firefox Fixed in Firefox 57 ...