CVE-2017-5383

MEDIUM

Firefox <51 - Info Disclosure

Title source: llm
STIX 2.1

Description

URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

References (13)

Core 13
Core References
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-03/
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-02/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201702-22
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1323338
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2017/dsa-3832
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201702-13
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2017/dsa-3771
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037693
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-01/
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0190.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0238.html
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1324716
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95769

Scores

CVSS v3 5.3
EPSS 0.0199
EPSS Percentile 83.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-20
Status published
Products (20)
debian/debian_linux 8.0
mozilla/firefox < 51.0
mozilla/thunderbird < 45.7.0
redhat/enterprise_linux 5.0
redhat/enterprise_linux 6.0
redhat/enterprise_linux 7.0
redhat/enterprise_linux_desktop 5.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 5.0
... and 10 more
Published Jun 11, 2018
Tracked Since Feb 18, 2026