Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When such characters appear in the address bar as part of an internationalized domain name (IDN), they can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
| Link | Tags |
|---|---|
| http://www.securityfocus.com/bid/101059 | vdb entry, third party advisory |
| https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html | third party advisory, mailing list |
| https://www.mozilla.org/security/advisories/mfsa2017-22/ | vendor advisory |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1393624 | issue tracking, third party advisory |
| http://www.securitytracker.com/id/1039465 | vdb entry, third party advisory |
| https://www.mozilla.org/security/advisories/mfsa2017-21/ | vendor advisory |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1390980 | issue tracking, third party advisory |
| https://www.mozilla.org/security/advisories/mfsa2017-23/ | vendor advisory |
| https://security.gentoo.org/glsa/201803-14 | third party advisory, vendor advisory |