CVE-2017-7764
- ULN >
- Oracle Linux CVE repository >
- CVE-2017-7764
CVE Details
| Release Date: | 2018-06-11 | |
| Impact: | None | What is this? |
Description
Characters from the Canadian Syllabics unicode block can be mixedwith characters from other unicode blocks in the addressbar instead of being rendered as their raw punycode form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from Aspirational Use Scripts such as Canadian Syllabics to be mixed with Latin characters in the moderately restrictive IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as Limited Use Scripts. . This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
See more information about CVE-2017-7764 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS metrics and score provided are preliminary and subject to review.
CVSS v2 metrics
| Base Score: | 5.0 |
| Vector String: | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| Version: | 2.0 |
| Attack Vector: | Network |
| Attack Complexity: | Low |
| Authentication: | None |
| Confidentiality Impact: | None |
| Integrity Impact: | Partial |
| Availability Impact: | None |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 6 (firefox) | ELSA-2017-1440 | 2017-06-14 |
| Oracle Linux version 6 (thunderbird) | ELSA-2017-1561 | 2017-06-21 |
| Oracle Linux version 7 (firefox) | ELSA-2017-1440 | 2017-06-14 |
| Oracle Linux version 7 (thunderbird) | ELSA-2017-1561 | 2017-06-21 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
