PT-2018-1348 · Mozilla+1 · Firefox+1

Khalil Zhani

Published

2018-01-23

Updated

2024-12-12

CVE-2018-5121

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 58

Description The issue is related to the incorrect rendering of some Tibetan characters in the address bar when using certain fonts on OS X. This can be exploited for domain name spoofing attacks when used as part of an Internationalized Domain Name (IDN). The attack only affects OS X operating systems, with other operating systems being unaffected.

Recommendations For Firefox versions prior to 58, update to version 58 or later to resolve the issue. As a temporary workaround, consider avoiding the use of Tibetan characters in the address bar or restricting access to potentially spoofed domains until the update is applied.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2018-1178

BDU:2018-00863

CVE-2018-5121

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

Affected Products

Alt Linux

Firefox

PT-2018-1348 · Mozilla+1 · Firefox+1

CVE-2018-5121

Weakness Enumeration

Related Identifiers

Affected Products

References · 1870