Home > Vulnerability Database > CVE-2017-7764

Mend.io Vulnerability Database

CVE-2017-7764

Good to know:

Date: June 11, 2018

Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as "Limited Use Scripts.". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Language: Unix

Severity Score

5.3

Related Resources (16)

Url: https://www.debian.org/security/2017/dsa-3881

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1364283

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-7764

Url: http://www.securityfocus.com/bid/99057

Url: http://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts

Url: https://access.redhat.com/errata/RHSA-2017:1440

Url: https://access.redhat.com/errata/RHSA-2017:1561

Url: https://www.mozilla.org/security/advisories/mfsa2017-17/

Url: https://www.mozilla.org/security/advisories/mfsa2017-15/

Url: https://www.debian.org/security/2017/dsa-3918

Url: http://www.securitytracker.com/id/1038689

Url: https://www.mozilla.org/security/advisories/mfsa2017-16/

Url: https://access.redhat.com/security/cve/CVE-2017-7764

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7764

Url: https://security-tracker.debian.org/tracker/CVE-2017-7764

Url: https://www.mend.io/vulnerability-database/CVE-2017-7764

Severity Score

5.3

Weakness Type (CWE)

Improper Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version firefox - 54.0-1;thunderbird - 52.1.1-2

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-7764

Good to know:

Date: June 11, 2018

Language: Unix

Severity Score

Related Resources (16)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?