CVE-2017-7764

Priority
Description
Characters from the "Canadian Syllabics" unicode block can be mixed with
characters from other unicode blocks in the addressbar instead of being
rendered as their raw "punycode" form, allowing for domain name spoofing
attacks through character confusion. The current Unicode standard allows
characters from "Aspirational Use Scripts" such as Canadian Syllabics to be
mixed with Latin characters in the "moderately restrictive" IDN profile. We
have changed Firefox behavior to match the upcoming Unicode version 10.0
which removes this category and treats them as "Limited Use Scripts.". This
vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird <
52.2.
Assigned-to
chrisccoulson
Notes
Package
Upstream:released (54.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [54.0+build3-0ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):released (54.0+build3-0ubuntu0.16.04.1)
Package
Priority: Low
Upstream:released (52.2.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1:52.2.1+build1-0ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):released (1:52.2.1+build1-0ubuntu0.16.04.1)
More Information

Updated: 2020-03-18 22:50:26 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)