Font-based IDN Spoofing Vulnerability on OS X

Font-based IDN Spoofing Vulnerability on OS X

CVE-2017-7825 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Learn more about our Cis Benchmark Audit For Operating Systems.