328 matches found
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications IDNA, which may result in a wrong domain name specifically the netloc component of URL - user@domain:port bei...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications IDNA, which may result in a wrong domain name specifically the netloc component of URL - user@domain:port bei...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications IDNA, which may result in a wrong domain name specifically the netloc component of URL - user@domain:port bei...
CVE-2018-4277: a“pie”triggered spoofing-vulnerability warning-the black bar safety net
Researchers looking for the browser front-end security issues found in Chrome, Safari, Firefox and other browsers there is a security vulnerability. This article describes Apple products Alphabet d-shaped problems caused by domain spoofing problem. U+A771 The researchers found that Apple products...
Debian DLA-1447-1 : libidn security update
An integer overflow vulnerability was discovered in libidn, the GNU library for Internationalized Domain Names IDNs, in its Punycode handling a Unicode characters to ASCII encoding allowing a remote attacker to cause a denial of service against applications using the library. For Debian 8 'Jessie...
Chaturbate: Homograph attack on redirect URL (https://chaturbate.com/external_link/?url)
Hi There, Hope you are doing good, As i was just playing around with chaturbate.com and found that you guys does not have proper configuration for malicious script injection in website. In Homograph attack basically attacker may able to inject some malicious script with URL. Here i made homograph...
CVE-2017-7832
The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing...
CVE-2017-7838
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited...
CVE-2017-7838
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited...
Design/Logic Flaw
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited...
CVE-2017-5383
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
CVE-2017-7838
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited...
CVE-2017-7838
CVE-2017-7838 affects Mozilla Firefox on desktop (Firefox versions prior to 57). The issue is a Pun ycode/punycode display logic bug where, under certain conditions, a subdomain triggers punycode display instead of showing the native-script primary domain, potentially enabling limited domain spoo...
CVE-2017-7832
The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing...
CVE-2017-5383
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
CVE-2017-5383
CVE-2017-5383 describes spoofing via specific Unicode glyphs used to alter the location bar content. The initial entry notes impact on Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox
CVE-2017-7833
Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combine...
CVE-2017-5383
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
CVE-2017-7838
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited...
[SECURITY] Fedora 27 Update: libidn-1.34-1.fc27
GNU Libidn is an implementation of the Stringprep, Punycode and IDNA specifications defined by the IETF Internationalized Domain Names IDN working group, used for internationalized domain names...