CVE-2017-7764 log

Source
Severity Medium
Remote Yes
Type Content spoofing
Description
A security issue has been found in Firefox < 54.0 and Thunderbird < 52.2, where characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. Firefox and Thunderbird behavior has been changed to match the upcoming Unicode version 10.0 which removes this category and treats them as "Limited Use Scripts."
Group Package Affected Fixed Severity Status Ticket
AVG-303 thunderbird 52.1.1-1 52.2.0-1 Critical Fixed
AVG-302 firefox 53.0.3-1 54.0-1 Critical Fixed
Date Advisory Group Package Severity Description
16 Jun 2017 ASA-201706-20 AVG-303 thunderbird Critical multiple issues
16 Jun 2017 ASA-201706-19 AVG-302 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7764
https://bugzilla.mozilla.org/show_bug.cgi?id=1364283
http://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts