CVE-2023-5732Multiple Interpretations of UI Input in Mozilla Firefox

CWE-450Multiple Interpretations of UI Input11 documents8 sources
Severity
6.5MEDIUMNVD
OSV4.3
EPSS
0.3%
top 45.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+1 more
Timeline
PublishedOct 25
Latest updateNov 2

Description

An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages8 packages

CVEListV5mozilla/firefoxunspecified117
NVDmozilla/firefox< 117.0
CVEListV5mozilla/firefox_esrunspecified115.4
NVDmozilla/firefox_esr< 115.4.1
CVEListV5mozilla/thunderbirdunspecified115.4.1

Also affects: Debian Linux 10.0, 11.0

🔴Vulnerability Details

4
OSV
thunderbird vulnerabilities2023-11-02
GHSA
GHSA-p85h-gwrr-6mrj: An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited2023-10-25
OSV
CVE-2023-5732: An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited2023-10-25
CVEList
Address bar spoofing via bidirectional characters2023-10-24

📋Vendor Advisories

6
Ubuntu
Thunderbird vulnerabilities2023-11-02
Red Hat
Mozilla: Address bar spoofing via bidirectional characters2023-10-24
Debian
CVE-2023-5732: firefox-esr - An attacker could have created a malicious link using bidirectional characters t...2023
Mozilla
Mozilla Foundation Security Advisory 2023-47: CVE-2023-5732
Mozilla
Mozilla Foundation Security Advisory 2023-34: CVE-2023-5732
CVE-2023-5732 — Multiple Interpretations of UI Input | cvebase