CVE-2017-7832
CVE-2017-7832 is a vulnerability of currently unknown severity. The combined, single-character version of the letter 'i' with any of the potential accents in Unicode, such as acute or grave, can be spoofed in the address bar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode. EPSS estimates a 1.51% chance of exploitation in the next 30 days.
Description
The combined, single-character version of the letter 'i' with any of the potential accents in Unicode, such as acute or grave, can be spoofed in the address bar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57.
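A defensive check for the pattern described above, as an added example that is not part of the advisory or of Firefox's fix: it flags hostname labels in which a dotless 'i' (U+0131) is followed by a combining mark and reports the single-character form the label imitates. The function names and the `example.test` sample hostnames are assumptions made for illustration.

```python
import unicodedata

DOTLESS_I = "\u0131"  # LATIN SMALL LETTER DOTLESS I

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding xn-- A-labels."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed A-label: inspect it as written
    return label

def find_dotless_i_lookalikes(hostname):
    """Return (label, lookalike) pairs for labels using dotless i + accent.

    'lookalike' is the label a user would believe they are reading: each
    dotless i that is followed by a combining mark is replaced by a plain
    'i' and the result is NFC-composed into the single-character form.
    """
    findings = []
    for raw in hostname.split("."):
        label = decode_label(raw)
        rebuilt, hit = [], False
        for pos, ch in enumerate(label):
            nxt = label[pos + 1] if pos + 1 < len(label) else ""
            if ch == DOTLESS_I and nxt and unicodedata.combining(nxt):
                rebuilt.append("i")
                hit = True
            else:
                rebuilt.append(ch)
        if hit:
            findings.append((label, unicodedata.normalize("NFC", "".join(rebuilt))))
    return findings

# Constructed sample hostnames (example.test is a placeholder domain).
SAMPLES = [
    "ma\u0131\u0301l.example.test",   # dotless i + combining acute
    "ma\u00edl.example.test",         # genuine precomposed i-acute
    "mail.example.test",              # plain ASCII
]

if __name__ == "__main__":
    for host in SAMPLES:
        print(ascii(host), [tuple(map(ascii, f)) for f in find_dotless_i_lookalikes(host)])
```

Only the first sample is flagged; the genuine precomposed label and the ASCII label produce no findings, so the check can run over proxy or mail-gateway hostnames without alerting on ordinary accented domains.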
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 56.0.2 |
References
- http://www.securityfocus.com/bid/101832 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1039803 (Third Party Advisory, VDB Entry)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1408782 (Issue Tracking, Permissions Required)
- https://www.mozilla.org/security/advisories/mfsa2017-24/ (Vendor Advisory)
Source: NVD / NIST
