CVE-2017-5383 — Improper Input Validation in Mozilla Firefox
Severity
NVD: 5.3 MEDIUM
OSV: 9.8
EPSS
2.4%
top 14.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 11
Latest update: May 14
Description
URLs containing certain Unicode glyphs for alternative hyphens and quotes do not properly trigger Punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4
Affected Packages: 10 packages
Also affects: Debian Linux 8.0, Enterprise Linux 5.0, 6.0, 7.0, 7.3, 7.4, 7.5
Vulnerability Details (6)
GHSA
GHSA-qr6h-8c8f-v3mw: URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing (2022-05-14)
CVEList
CVE-2017-5383: URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing (2018-06-11)
OSV
CVE-2017-5383: URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing (2018-06-11)
Vendor Advisories (5)
Debian
CVE-2017-5383: firefox - URLs containing certain unicode glyphs for alternative hyphens and quotes do not... (2017)
Community (1)
Bugzilla