9 matches found
SUSE CVE-2017-7838
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited...
UBUNTU-CVE-2019-11721
The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox 68...
CVE-2017-7838
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited...
UBUNTU-CVE-2017-7838
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2017-7828: Use-after-free of PressShell while restyling layout CVE-2017-7830: Cross-origin URL information leak through Resource Timing API CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects CVE-2017-7832: Domain spoofing throug...
Brave Software: homograph-attack (unicode vuln)
Hi team Summary: Affacted product appears identicaly different websites domains attacker uses unicode to register domains that look identical to real domains ,These fake domains can be used to fool users into signing into a fake website, thereby handing over their login credentials to an...
Mozilla: Location bar spoofing with unicode characters (MFSA 2017-02)
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
Mozilla: Location bar spoofing with unicode characters (MFSA 2017-02)
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
CVE-2017-5383
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...