← Back to CVEs
CVE-2017-7832
N/ADescription
The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57.
CVE Details
CVSS v3.1 ScoreN/A
Published6/11/2018
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
mozilla:firefox
Weaknesses (CWE)
CWE-20
References
http://www.securityfocus.com/bid/101832(security@mozilla.org)
http://www.securitytracker.com/id/1039803(security@mozilla.org)
https://bugzilla.mozilla.org/show_bug.cgi?id=1408782(security@mozilla.org)
https://www.mozilla.org/security/advisories/mfsa2017-24/(security@mozilla.org)
http://www.securityfocus.com/bid/101832(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039803(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=1408782(af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2017-24/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.