Input validation error in Mozilla Firefox - #VU57887

 

Input validation error in Mozilla Firefox - #VU57887

Published: November 2, 2021


Vulnerability identifier: #VU57887
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to insufficient validation of URL when parsing internationalized domain names. High bits of the characters in the URLs are sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing.


Remediation

Install updates from vendor's website.

Sources