cbcvebase.
CVE-2018-5117
published 2018-06-11

CVE-2018-5117: If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed…

medium5.3CVSS 3.0
AVNACLPRNUINSUCNILAN
If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.

Affected

38 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debiandebian_linux
debiandebian_linux
debianfirefox< firefox 58.0-1 (sid)firefox 58.0-1 (sid)
debianfirefox-esr< firefox 58.0-1 (sid)firefox 58.0-1 (sid)
debianthunderbird< firefox 58.0-1 (sid)firefox 58.0-1 (sid)
mozillafirefox< 58.058.0
mozillafirefox< 52.6.052.6.0
mozillafirefox>= 0 < 58.0.2+build1-0ubuntu0.14.04.158.0.2+build1-0ubuntu0.14.04.1
mozillafirefox>= 0 < 58.0+build6-0ubuntu0.14.04.158.0+build6-0ubuntu0.14.04.1
mozillafirefox>= 0 < 58.0.2+build1-0ubuntu0.16.04.158.0.2+build1-0ubuntu0.16.04.1
mozillafirefox>= 0 < 58.0+build6-0ubuntu0.16.04.158.0+build6-0ubuntu0.16.04.1
mozillafirefox>= unspecified < 5858
mozillafirefox_esr>= unspecified < 52.652.6
mozillathunderbird< 52.6.052.6.0
mozillathunderbird>= 0 < 1:52.6.0-11:52.6.0-1
mozillathunderbird>= 0 < 1:52.6.0-11:52.6.0-1
mozillathunderbird>= 0 < 1:52.6.0-11:52.6.0-1
mozillathunderbird>= 0 < 1:52.6.0-11:52.6.0-1
mozillathunderbird>= 0 < 1:52.6.0+build1-0ubuntu0.14.04.11:52.6.0+build1-0ubuntu0.14.04.1
mozillathunderbird>= 0 < 1:52.6.0+build1-0ubuntu0.16.04.11:52.6.0+build1-0ubuntu0.16.04.1
mozillathunderbird>= unspecified < 52.652.6

CVSS provenance

nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
osv9.8CRITICAL