Main Vulnerability Database Vulnerabilities #VU9320

#VU9320 Spoofing attack in Mozilla Firefox - CVE-2017-7833

Published: November 15, 2017

Vulnerability identifier: #VU9320

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-7833

CWE-ID: CWE-451

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to spoof domain names.

Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode.

Remediation

Update to version Firefox 57.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/

#VU9320 Spoofing attack in Mozilla Firefox - CVE-2017-7833

Description

Remediation

External links

Please verify you're human