Tibetan Character Clipping Vulnerability in OS X: Domain Name Spoofing Attack

Tibetan Character Clipping Vulnerability in OS X: Domain Name Spoofing Attack

CVE-2018-5121 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 58.

Learn more about our Cis Benchmark Audit For Operating Systems.