CVE-2017-7764 — Improper Input Validation in Mozilla Firefox
Severity
5.3MEDIUMNVD
OSV9.8
EPSS
1.0%
top 22.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 11
Latest updateMay 14
Description
Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. We have changed Firefox behavior to match the upcoming Unico…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4
Affected Packages9 packages
Also affects: Debian Linux 8.0, 9.0
🔴Vulnerability Details
4GHSA▶
GHSA-mc3w-fw7x-qrw7: Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rende↗2022-05-14
OSV▶
CVE-2017-7764: Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rende↗2018-06-11