CVE-2017-7825
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
11/06/2018
Last modified:
25/11/2025
Description
Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* | 52.4.0 (excluding) | |
| cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* | 56.0 (excluding) | |
| cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* | 52.4.0 (excluding) | |
| cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/101059
- http://www.securitytracker.com/id/1039465
- https://bugzilla.mozilla.org/show_bug.cgi?id=1390980
- https://bugzilla.mozilla.org/show_bug.cgi?id=1393624
- https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
- https://security.gentoo.org/glsa/201803-14
- https://www.mozilla.org/security/advisories/mfsa2017-21/
- https://www.mozilla.org/security/advisories/mfsa2017-22/
- https://www.mozilla.org/security/advisories/mfsa2017-23/
- http://www.securityfocus.com/bid/101059
- http://www.securitytracker.com/id/1039465
- https://bugzilla.mozilla.org/show_bug.cgi?id=1390980
- https://bugzilla.mozilla.org/show_bug.cgi?id=1393624
- https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
- https://security.gentoo.org/glsa/201803-14
- https://www.mozilla.org/security/advisories/mfsa2017-21/
- https://www.mozilla.org/security/advisories/mfsa2017-22/
- https://www.mozilla.org/security/advisories/mfsa2017-23/