Your submission was sent successfully! Close

CVE-2017-7832

Published: 15 November 2017

The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57.

Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
artful
Released (57.0+build4-0ubuntu0.17.10.5)
bionic
Released (57.0.1+build2-0ubuntu1)
precise Does not exist

trusty Does not exist
(trusty was released [57.0+build4-0ubuntu0.14.04.4])
upstream
Released (57.0)
xenial
Released (57.0+build4-0ubuntu0.16.04.5)
zesty
Released (57.0+build4-0ubuntu0.17.04.5)