CVE-2017-7825

Published: Jun 11, 2018Modified: Nov 25, 2025

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Affected (4)

Products: Debian: Debian Linux · Mozilla: Firefox, Thunderbird

1 product

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 52.4.0
Mozilla Firefox	Before 56.0
Mozilla Thunderbird	Before 52.4.0

Running on/with	Platform Versions
Apple Mac Os X	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

http://www.securityfocus.com/bid/101059

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039465

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=1390980

Source: security@mozilla.org

Issue TrackingThird Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1393624

Source: security@mozilla.org

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html

Source: security@mozilla.org

Third Party Advisory

https://security.gentoo.org/glsa/201803-14

Source: security@mozilla.org

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2017-21/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-22/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-23/

Source: security@mozilla.org

Vendor Advisory

http://www.securityfocus.com/bid/101059

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039465

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=1390980

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1393624

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/201803-14

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2017-21/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-22/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-23/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.