CVE-2023-5732 — Multiple Interpretations of UI Input

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	firefox-esr	< firefox-esr 115.4.0esr-1~deb12u1 (bookworm)	firefox-esr 115.4.0esr-1~deb12u1 (bookworm)
debian	thunderbird	< firefox-esr 115.4.0esr-1~deb12u1 (bookworm)	firefox-esr 115.4.0esr-1~deb12u1 (bookworm)
mozilla	firefox	< 117.0	117.0
mozilla	firefox	—	—
mozilla	firefox	>= unspecified < 117	117
mozilla	firefox_esr	< 115.4.1	115.4.1
mozilla	firefox_esr	>= unspecified < 115.4	115.4
mozilla	thunderbird	< 115.4.1	115.4.1
mozilla	thunderbird	>= 0 < 1:115.4.1-1~deb11u1	1:115.4.1-1~deb11u1
mozilla	thunderbird	>= 0 < 1:115.4.1-1~deb12u1	1:115.4.1-1~deb12u1
mozilla	thunderbird	>= 0 < 1:115.4.1-1	1:115.4.1-1
mozilla	thunderbird	>= 0 < 1:115.4.1-1	1:115.4.1-1
mozilla	thunderbird	>= 0 < 1:115.4.1+build1-0ubuntu0.20.04.1	1:115.4.1+build1-0ubuntu0.20.04.1
mozilla	thunderbird	>= 0 < 1:115.4.1+build1-0ubuntu0.22.04.1	1:115.4.1+build1-0ubuntu0.22.04.1
mozilla	thunderbird	>= unspecified < 115.4.1	115.4.1

OSV

thunderbird vulnerabilities

osv·2023-11-02·CVSS 4.3

CVE-2023-5724 [MEDIUM] thunderbird vulnerabilities thunderbird vulnerabilities Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2023-5724, CVE-2023-5728, CVE-2023-5730, CVE-2023-5732) Kelsey Gilbert discovered that Thunderbird did not properly manage certain browser prompts and dialogs due to an insufficient activation-delay. An attacker could potentially exploit this issue to perform clickjacking. (CVE-2023-5721) Shaheen Fazim discovered that Thunderbird did not properly validate the URLs open by installed WebExtension. An attacker could potentially exploit th

GHSA

GHSA-p85h-gwrr-6mrj: An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited

ghsa_unreviewed·2023-10-25

CVE-2023-5732 [MEDIUM] GHSA-p85h-gwrr-6mrj: An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

OSV

CVE-2023-5732: An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited

osv·2023-10-25·CVSS 6.5

CVE-2023-5732 [MEDIUM] CVE-2023-5732: An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

Ubuntu

Thunderbird vulnerabilities

vendor_ubuntu·2023-11-02·CVSS 4.3

CVE-2023-5724 [MEDIUM] Thunderbird vulnerabilities Title: Thunderbird vulnerabilities Summary: Several security issues were fixed in Thunderbird. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2023-5724, CVE-2023-5728, CVE-2023-5730, CVE-2023-5732) Kelsey Gilbert discovered that Thunderbird did not properly manage certain browser prompts and dialogs due to an insufficient activation-delay. An attacker could potentially exploit this issue to perform clickjacking. (CVE-2023-5721) Shaheen Fazim discovered that Thunderbird did not properly validate the URLs open

Red Hat

Mozilla: Address bar spoofing via bidirectional characters

vendor_redhat·2023-10-24·CVSS 6.5

CVE-2023-5732 [MEDIUM] CWE-450 Mozilla: Address bar spoofing via bidirectional characters Mozilla: Address bar spoofing via bidirectional characters An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope Package: thunderbird (Red Hat Enterprise Li

Debian

CVE-2023-5732: firefox-esr - An attacker could have created a malicious link using bidirectional characters t...

vendor_debian·2023·CVSS 6.5

CVE-2023-5732 [MEDIUM] CVE-2023-5732: firefox-esr - An attacker could have created a malicious link using bidirectional characters t... An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Scope: local bookworm: resolved (fixed in 115.4.0esr-1~deb12u1) bullseye: resolved (fixed in 115.4.0esr-1~deb11u1) forky: resolved (fixed in 115.4.0esr-1) sid: resolved (fixed in 115.4.0esr-1) trixie: resolved (fixed in 115.4.0esr-1)

Mozilla

Mozilla Foundation Security Advisory 2023-47: CVE-2023-5732

vendor_mozilla·CVSS 6.5

CVE-2023-5732 [MEDIUM] Mozilla Foundation Security Advisory 2023-47: CVE-2023-5732 Mozilla Foundation Security Advisory 2023-47 CVE: CVE-2023-5732 Product: Thunderbird Impact: high Fixed in: Thunderbird 115.4.1

Mozilla

Mozilla Foundation Security Advisory 2023-34: CVE-2023-5732

vendor_mozilla·CVSS 6.5

CVE-2023-5732 [MEDIUM] Mozilla Foundation Security Advisory 2023-34: CVE-2023-5732 Mozilla Foundation Security Advisory 2023-34 CVE: CVE-2023-5732 Product: Firefox Impact: high Fixed in: Firefox 117

Mozilla

Mozilla Foundation Security Advisory 2023-46: CVE-2023-5732

vendor_mozilla·CVSS 6.5

CVE-2023-5732 [MEDIUM] Mozilla Foundation Security Advisory 2023-46: CVE-2023-5732 Mozilla Foundation Security Advisory 2023-46 CVE: CVE-2023-5732 Product: Firefox ESR Impact: high Fixed in: Firefox ESR 115.4

CVE-2023-5732: An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability…

Affected

CVSS provenance