Vulnerability CVE-2017-7832: Information

Description

The combined, single-character version of the letter 'i' with any of the potential accents in Unicode, such as acute or grave, can be spoofed in the address bar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Published: June 12, 2018
Modified: June 25, 2018
Error type identifier: CWE-20

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| firefox | sisyphus | 57.0.1-alt1 | 125.0.2-alt1 | ALT-PU-2017-2739-1 | 195790 | Fixed |
| firefox | p10 | 57.0.1-alt1 | 118.0.2-alt0.p10.1 | ALT-PU-2017-2739-1 | 195790 | Fixed |
| firefox | p9 | 57.0.1-alt1 | 105.0.1-alt0.c9.1 | ALT-PU-2017-2739-1 | 195790 | Fixed |
| firefox | p8 | 57.0.1-alt0.M80P.1 | 68.0.1-alt0.M80P.1 | ALT-PU-2017-2773-1 | 195836 | Fixed |
| firefox | c10f1 | 57.0.1-alt1 | 112.0.2-alt0.p10.1 | ALT-PU-2017-2739-1 | 195790 | Fixed |
| firefox | c9f2 | 57.0.1-alt1 | 105.0.1-alt0.c9.1 | ALT-PU-2017-2739-1 | 195790 | Fixed |
| firefox | c7 | 60.6.1-alt0.M70C.1 | 60.8.0-alt0.M70C.1 | ALT-PU-2019-1726-1 | 218597 | Fixed |
| firefox-esr | sisyphus | 60.0.1-alt1 | 115.10.0-alt1 | ALT-PU-2018-1854-1 | 207816 | Fixed |
| firefox-esr | p10 | 60.0.1-alt1 | 115.10.0-alt1 | ALT-PU-2018-1854-1 | 207816 | Fixed |
| firefox-esr | p9 | 60.0.1-alt1 | 102.11.0-alt0.c9.1 | ALT-PU-2018-1854-1 | 207816 | Fixed |
| firefox-esr | p8 | 60.1.0-alt0.M80P.1 | 68.4.1-alt0.M80P.1 | ALT-PU-2018-1966-1 | 207865 | Fixed |
| firefox-esr | c10f1 | 60.0.1-alt1 | 115.9.1-alt0.c10.1 | ALT-PU-2018-1854-1 | 207816 | Fixed |
| firefox-esr | c9f2 | 60.0.1-alt1 | 102.12.0-alt0.c9.1 | ALT-PU-2018-1854-1 | 207816 | Fixed |
| palemoon | sisyphus | 27.6.2-alt1 | 33.0.2-alt1 | ALT-PU-2017-2721-1 | 195696 | Fixed |
| palemoon | p10 | 27.6.2-alt1 | 33.0.1-alt1 | ALT-PU-2017-2721-1 | 195696 | Fixed |
| palemoon | p8 | 27.6.2-alt0.M80P.1 | 27.8.3-alt0.M80P.1 | ALT-PU-2017-2731-1 | 195701 | Fixed |
| palemoon | c10f1 | 27.6.2-alt1 | 32.0.1-alt1 | ALT-PU-2017-2721-1 | 195696 | Fixed |

References to Advisories, Solutions, and Tools

| Hyperlink | Resource |
|---|---|
| https://www.mozilla.org/security/advisories/mfsa2017-24/ | Vendor Advisory |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1408782 | Issue Tracking, Permissions Required |
| 1039803 | Third Party Advisory, VDB Entry |
| 101832 | Third Party Advisory, VDB Entry |

Configuration 1

  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End including: 56.0.2