CVE-2017-7764
Description
Characters from the Canadian Syllabics unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw punycode form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from Aspirational Use Scripts such as Canadian Syllabics to be mixed with Latin characters in the moderately restrictive IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as Limited Use Scripts.. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update for Mozilla Firefox (54.0) | Windows |
| Update for Mozilla Firefox x64 (54.0) | Windows |
| Update for Mozilla Firefox ESR (52.2.0) | Windows |
| Update for Mozilla Firefox ESR x64 (52.2.0) | Windows |
| Update for Mozilla Thunderbird (52.2.0) | Windows |
| Update for Mozilla Thunderbird (52.2.1) | Windows |
| Update for Mozilla Firefox ESR (52.2.1) | Windows |
| Update for Mozilla Firefox ESR x64 (52.2.1) | Windows |
| Update for Mozilla Firefox (54.0.1) | Windows |
| Update for Mozilla Firefox x64 (54.0.1) | Windows |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (54.0) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (54.0.1) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Thunderbird For Mac (52.2.0) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Thunderbird For Mac (52.2.1) | Mac |
| Multiple Vulnerabilities are affected in Firefox ESR for Mac 52.1.2 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 52.1.2 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 53.0.3 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 52.1.1 | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 52.2 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-305924 | Update for Mozilla Firefox (54.0) |
| PATCH-305925 | Update for Mozilla Firefox x64 (54.0) |
| PATCH-305926 | Update for Mozilla Firefox ESR (52.2.0) |
| PATCH-306017 | Update for Mozilla Firefox ESR (52.2.1) |
| PATCH-306019 | Update for Mozilla Firefox (54.0.1) |
| PATCH-306020 | Update for Mozilla Firefox x64 (54.0.1) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-611353 | Mozilla Thunderbird For Mac (128.12.0) |
| PATCH-611353 | Mozilla Thunderbird For Mac (128.12.0) |
| PATCH-611808 | Mozilla Firefox ESR for MAC 128.14.0 |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611807 | Mozilla Thunderbird For Mac (142.0) |
| PATCH-612783 | Mozilla Firefox For Mac (145.0.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234