VDB
CVE-2017-7832
CVE-2017-7832
PUBLISHED
The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57.
EPSS 0.98% · 77.2th percentile
Risk Scores
EPSS Score
0.98%
77.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | firefox | 0, 56.0+build6-0ubuntu1 |
| Ubuntu:14.04:LTS | firefox | 28.0+build2-0ubuntu1, 29.0+build1-0ubuntu0.14.04.2, 31.0+build1-0ubuntu0.14.04.1 |
| Ubuntu:16.04:LTS | firefox | 44.0.1+build1-0ubuntu1, 44.0.2+build1-0ubuntu1, 45.0+build2-0ubuntu1 |
Timeline
- Nov 15, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-7832 third-party-advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/ third-party-advisory
- https://ubuntu.com/security/notices/USN-3477-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-7832 third-party-advisory