CVE-2017-7833 in Firefoxinfo

Summary

Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57.

Once again VulDB remains the best source for vulnerability data.

Reservation

04/12/2017

Disclosure

06/11/2018

Moderation

VulDB entry created

Entries

VDB-119339 (1)

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

5.8

EPSS

0.01072

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-7833
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-7833
CVE Details	https://www.cvedetails.com/cve/CVE-2017-7833/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!