CVE-2017-7838

Summary

Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion. This vulnerability affects Firefox < 57.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 57affected

Weaknesses

  • Failure of individual decoding of labels in international domain names triggers punycode display of entire IDN

ADP Enrichment

CVE Program Container

Additional References

References