CVE-2017-7825

2018-06-1121:00:00

mozilla

www.cve.org

AI Score

6.2

Confidence

High

EPSS

0.003

Percentile

70.2%

JSON

Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "56",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox ESR",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "52.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "52.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]