{ "id": "CVE-2018-5121", "sourceIdentifier": "security@mozilla.org", "published": "2018-06-11T21:29:13.717", "lastModified": "2018-06-25T17:24:45.880", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 58." }, { "lang": "es", "value": "Las astas descendentes de algunos caracteres tibetanos en varias fuentes en OS X se recortan cuando se muestran en la barra de direcciones. Cuando se utilizan como parte de un IDN (nombre de dominio internacionalizado), se puede utilizar para realizar ataques de suplantaci\u00f3n de nombres de dominio. Nota: este ataque solo afecta a sistemas operativos OS X. Los otros sistemas operativos no se ven afectados. Esta vulnerabilidad afecta a las versiones anteriores a la 58 de Firefox." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 3.9, "impactScore": 1.4 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndIncluding": "57.0.4", "matchCriteriaId": "1725C8A3-FA9C-4A5E-B46F-48FDB429E7EE" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574" } ] } ] } ], "references": [ { "url": "http://www.securityfocus.com/bid/102786", "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1040270", "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1402368", "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Permissions Required" ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/", "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ] } ] }