Tibetan Character Domain Name Spoofing Vulnerability on OS X

CVE-2017-7763 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Learn more about our Cis Benchmark Audit For Operating Systems.