CVE-2017-7825

Summary

Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 56affected
MozillaFirefox ESRunspecified < 52.4affected
MozillaThunderbirdunspecified < 52.4affected

Weaknesses

  • OS X fonts render some Tibetan and Arabic unicode characters as spaces

ADP Enrichment

CVE Program Container

Additional References

References