CVE-2018-5117 — User Interface (UI) Misrepresentation of Critical Information in Mozilla Firefox
Severity
5.3MEDIUMNVD
OSV9.8
EPSS
2.2%
top 15.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 11
Latest updateMay 13
Description
If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4
Affected Packages11 packages
Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 6.0, 7.0, 7.3, 7.4, 7.5
Patches
🔴Vulnerability Details
6GHSA▶
GHSA-f5x9-j9rr-qwgg: If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the di↗2022-05-13
OSV▶
CVE-2018-5117: If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the di↗2018-06-11
CVEList▶
CVE-2018-5117: If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the di↗2018-06-11
📋Vendor Advisories
5Red Hat
▶
Debian▶
CVE-2018-5117: firefox - If right-to-left text is used in the addressbar with left-to-right alignment, it...↗2018
💬Community
1Bugzilla▶
CVE-2018-5117 Mozilla: URL spoofing with right-to-left text aligned left-to-right (MFSA 2018-03)↗2018-01-23