2018-06-11 21:00:00
mozilla
PUBLISHED
The combined, single character, version of the letter i with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of i followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57.