Punycode Spoofing Vulnerability in Firefox < 57

Punycode Spoofing Vulnerability in Firefox < 57

CVE-2017-7838 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion. This vulnerability affects Firefox < 57.

Learn more about our User Device Pen Test.