CVE: CVE-2017-7825

Descrizione: Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Vettore di attacco

Riferimenti esterni

• http://www.securityfocus.com/bid/101059
• https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
• https://www.mozilla.org/security/advisories/mfsa2017-22/
• https://bugzilla.mozilla.org/show_bug.cgi?id=1393624
• http://www.securitytracker.com/id/1039465
• https://www.mozilla.org/security/advisories/mfsa2017-21/
• https://bugzilla.mozilla.org/show_bug.cgi?id=1390980
• https://www.mozilla.org/security/advisories/mfsa2017-23/
• https://security.gentoo.org/glsa/201803-14

Prodotti interessati

• Mozilla – Firefox
• Mozilla – Firefox ESR
• Mozilla – Thunderbird

Relazioni con altri prodotti

Produttore:Mozilla
Prodotto: Firefox
Anno: 2017
CWE:
CVSS: 0.0

Produttore:Mozilla
Prodotto: Thunderbird
Anno: 2017
CWE:
CVSS: 0.0

Produttore:Mozilla
Prodotto: Firefox ESR
Anno: 2017
CWE:
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2017)