CVE-2017-7838 log

Source
Severity Low
Remote Yes
Type Content spoofing
Description
Punycode format text in Firefox before 57.0 will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion.
Group Package Affected Fixed Severity Status Ticket
AVG-494 firefox 56.0.2-1 57.0-1 Critical Fixed
Date Advisory Group Package Severity Type
15 Nov 2017 ASA-201711-23 AVG-494 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7838
https://bugzilla.mozilla.org/show_bug.cgi?id=1399540