Spoofing attack in Mozilla Firefox - CVE-2017-7832

 


Published: November 15, 2017


Vulnerability identifier: #VU9319
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7832
CWE-ID: CWE-451
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to spoof domain names.

The combined, single-character version of the letter 'i' with any of the potential accents in Unicode, such as acute or grave, can be spoofed in the address bar by the dotless version of 'i' followed by the same accent as a second character, with most font sets. This allows domain spoofing attacks because these combined domain names do not display as punycode.

A remote attacker can successfully perform a spoofing attack against domains containing the letter 'i'.
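The sequence described above can be detected in hostnames taken from logs, mail or certificate data. The following is an added example, not part of the original advisory or of Firefox's code: it flags a dotless 'i' (U+0131) directly followed by a combining mark and reports the precomposed label it would render like. The function names and sample hostnames are assumptions made for illustration.

```python
import unicodedata

DOTLESS_I = "\u0131"  # LATIN SMALL LETTER DOTLESS I

def to_unicode_label(label):
    """Decode an A-label (xn--...) to Unicode; return other labels unchanged."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except ValueError:  # covers UnicodeError: malformed A-label
            return label
    return label

def imitated_label(label):
    """Return the label that `label` renders like, or None if it is clean.

    Flags U+0131 immediately followed by a combining mark and rebuilds the
    precomposed form by swapping in a dotted 'i' and applying NFC.
    """
    text = to_unicode_label(label)
    out, hit = [], False
    for pos, ch in enumerate(text):
        nxt = text[pos + 1:pos + 2]  # empty string at end of label
        if ch == DOTLESS_I and nxt and unicodedata.combining(nxt):
            out.append("i")
            hit = True
        else:
            out.append(ch)
    return unicodedata.normalize("NFC", "".join(out)) if hit else None

def check_hostname(hostname):
    """Map each suspicious label of `hostname` to the label it imitates."""
    findings = {}
    for label in hostname.rstrip(".").split("."):
        target = imitated_label(label)
        if target is not None:
            findings[label] = target
    return findings

if __name__ == "__main__":
    # Constructed sample hostnames (example.* is reserved for documentation).
    for host in ("w\u0131\u0301ki.example", "w\u00edki.example", "wiki.example"):
        print(ascii(host), check_hostname(host))
```

A dotless 'i' that is not followed by a combining mark, as in ordinary Turkish words, is left alone, so the check targets only the sequence this advisory describes.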


How to mitigate CVE-2017-7832

Update to Firefox version 57.
