#VU9319 Spoofing attack in Mozilla Firefox - CVE-2017-7832

 


Published: November 15, 2017


Vulnerability identifier: #VU9319
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7832
CWE-ID: CWE-451
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Mozilla Firefox
Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to spoof domain names.

In most font sets, the precomposed single-character form of the letter 'i' with any of its possible Unicode accents, such as acute or grave, can be imitated in the address bar by the dotless 'i' followed by the same accent as a second character. This allows domain spoofing attacks because these combined domain names are not displayed as punycode.

A remote attacker can successfully perform a spoofing attack against domains containing the letter 'i'.
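A defender-side check for the pattern described above, as an added example that is not part of the original advisory or of Mozilla's code: it flags hostname labels in which a dotless 'i' (U+0131) is directly followed by a combining mark and reports the precomposed look-alike label. The function names and sample hostnames are constructed for illustration.

```python
import unicodedata

DOTLESS_I = "\u0131"  # LATIN SMALL LETTER DOTLESS I

# Constructed sample hostnames (not from the advisory).
SAMPLE_HOSTS = [
    "wiki.example",                 # plain ASCII
    "w\u00edki.example",            # legitimate precomposed i-acute (U+00ED)
    "w\u0131\u0301ki.example",      # dotless i + COMBINING ACUTE ACCENT
    "\u0131\u015f\u0131k.example",  # dotless i with no accent after it
]


def decode_label(label):
    """Return the Unicode form of one DNS label, decoding xn-- labels."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # undecodable: leave it for manual review
    return label


def find_dotless_i_spoofs(hostname):
    """Return (label, lookalike) for labels with dotless i + combining mark."""
    findings = []
    for raw in hostname.rstrip(".").split("."):
        chars = list(decode_label(raw))
        hit = False
        for pos in range(len(chars) - 1):
            if chars[pos] == DOTLESS_I and unicodedata.combining(chars[pos + 1]):
                chars[pos] = "i"  # the dotted letter the sequence imitates
                hit = True
        if hit:
            # NFC composes 'i' + accent into the precomposed look-alike.
            lookalike = unicodedata.normalize("NFC", "".join(chars))
            findings.append((decode_label(raw), lookalike))
    return findings


if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        for label, lookalike in find_dotless_i_spoofs(host):
            print(f"{host!a}: label {label!a} imitates {lookalike!a}")
```

A dotless 'i' with no combining mark after it is not flagged, so ordinary labels that use the letter on its own pass through.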


Remediation

Update to Firefox version 57.
