Input validation error in Mozilla Firefox - #VU57887
Published: November 2, 2021
Vulnerability identifier: #VU57887
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Mozilla Firefox
Mozilla Firefox
Software vendor:
Mozilla
Mozilla
Description
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to insufficient validation of URL when parsing internationalized domain names. High bits of the characters in the URLs are sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing.
Remediation
Install updates from vendor's website.