CVE-2017-7833

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 57

Description The issue allows for domain spoofing attacks by combining Arabic and Indic vowel marker characters with Latin characters in a domain name. This combination can make the non-Latin character invisible to most viewers with certain font sets on the address bar, as these combined domain names do not display as punycode. The vulnerability is related to an insufficient input validation mechanism in the address bar.

Recommendations For versions prior to 57, update to version 57 or later to resolve the issue. As a temporary workaround, consider avoiding the use of combined domain names that include Arabic and Indic vowel marker characters with Latin characters until the issue is resolved. Restrict access to potentially spoofed domains to minimize the risk of exploitation.