Mozilla Firefox is vulnerable to Arbitrary Code Execution. This is because a flaw exists in the isLabelSafe() function in nsIDNService.cpp that is triggered when handling characters from different unicode blocks. An unauthenticated, remote attacker can exploit this, via a specially crafted IDN domain, to spoof a valid URL and conduct phishing attacks.
www.securityfocus.com/bid/99057
www.securitytracker.com/id/1038689
www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts
access.redhat.com/errata/RHSA-2017:1440
access.redhat.com/errata/RHSA-2017:1561
access.redhat.com/security/updates/classification/#critical
bugzilla.mozilla.org/show_bug.cgi?id=1364283
www.debian.org/security/2017/dsa-3881
www.debian.org/security/2017/dsa-3918
www.mozilla.org/en-US/security/advisories/mfsa2017-16/
www.mozilla.org/security/advisories/mfsa2017-15/
www.mozilla.org/security/advisories/mfsa2017-16/
www.mozilla.org/security/advisories/mfsa2017-17/