CVE-2017-7833

Published: 15 November 2017

Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57.

Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (57.0)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (57.0.1+build2-0ubuntu1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (57.0+build4-0ubuntu0.16.04.5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [57.0+build4-0ubuntu0.14.04.4])