CVE-2017-5383

medium

Description

URLs containing certain Unicode glyphs for alternative hyphens and quotes do not properly trigger Punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

References

http://rhn.redhat.com/errata/RHSA-2017-0190.html

http://rhn.redhat.com/errata/RHSA-2017-0238.html

http://www.securityfocus.com/bid/95769

http://www.securitytracker.com/id/1037693

https://bugzilla.mozilla.org/show_bug.cgi?id=1323338

https://bugzilla.mozilla.org/show_bug.cgi?id=1324716

https://security.gentoo.org/glsa/201702-13

https://security.gentoo.org/glsa/201702-22

https://www.debian.org/security/2017/dsa-3771

https://www.debian.org/security/2017/dsa-3832

https://www.mozilla.org/security/advisories/mfsa2017-01/

https://www.mozilla.org/security/advisories/mfsa2017-02/

https://www.mozilla.org/security/advisories/mfsa2017-03/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-08-02

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Tenable Plugins


| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 101418 | Virtuozzo 6 : thunderbird (VZLSA-2017-0238) | Nessus | Virtuozzo Local Security Checks | critical |
| 101416 | Virtuozzo 6 : firefox (VZLSA-2017-0190) | Nessus | Virtuozzo Local Security Checks | critical |
| 99858 | EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1012) | Nessus | Huawei Local Security Checks | critical |
| 99857 | EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1011) | Nessus | Huawei Local Security Checks | critical |
| 99545 | Debian DSA-3832-1 : icedove - security update | Nessus | Debian Local Security Checks | critical |
| 99442 | Debian DLA-896-1 : icedove/thunderbird security update | Nessus | Debian Local Security Checks | critical |
| 97265 | GLSA-201702-22 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 97256 | GLSA-201702-13 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 97082 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:0427-1) | Nessus | SuSE Local Security Checks | critical |
| 97081 | SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:0426-1) | Nessus | SuSE Local Security Checks | critical |
| 97047 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox regression (USN-3175-2) | Nessus | Ubuntu Local Security Checks | critical |
| 96975 | Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20170202) | Nessus | Scientific Linux Local Security Checks | critical |
| 96970 | Oracle Linux 6 / 7 : thunderbird (ELSA-2017-0238) | Nessus | Oracle Linux Local Security Checks | critical |
| 96962 | CentOS 5 / 6 / 7 : thunderbird (CESA-2017:0238) | Nessus | CentOS Local Security Checks | critical |
| 96949 | RHEL 5 / 6 / 7 : thunderbird (RHSA-2017:0238) | Nessus | Red Hat Local Security Checks | critical |
| 96941 | openSUSE Security Update : MozillaThunderbird (openSUSE-2017-188) | Nessus | SuSE Local Security Checks | critical |
| 96940 | openSUSE Security Update : MozillaFirefox (openSUSE-2017-187) | Nessus | SuSE Local Security Checks | critical |
| 9928 | Mozilla Firefox ESR < 45.7 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 9927 | Mozilla Firefox < 51 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 96905 | Mozilla Thunderbird < 45.7 Multiple Vulnerabilities | Nessus | Windows | critical |
| 96904 | Mozilla Thunderbird < 45.7 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 96872 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3175-1) | Nessus | Ubuntu Local Security Checks | critical |
| 96871 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3165-1) | Nessus | Ubuntu Local Security Checks | critical |
| 96815 | Debian DLA-800-1 : firefox-esr security update | Nessus | Debian Local Security Checks | critical |
| 96813 | CentOS 5 / 6 / 7 : firefox (CESA-2017:0190) | Nessus | CentOS Local Security Checks | critical |
| 96804 | Slackware 14.1 / 14.2 / current : mozilla-thunderbird (SSA:2017-026-01) | Nessus | Slackware Local Security Checks | critical |
| 96792 | Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20170125) | Nessus | Scientific Linux Local Security Checks | critical |
| 96791 | RHEL 5 / 6 / 7 : firefox (RHSA-2017:0190) | Nessus | Red Hat Local Security Checks | critical |
| 96789 | Oracle Linux 5 / 6 / 7 : firefox (ELSA-2017-0190) | Nessus | Oracle Linux Local Security Checks | critical |
| 96780 | Debian DSA-3771-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | critical |
| 96776 | Mozilla Firefox < 51.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 96775 | Mozilla Firefox ESR < 45.7 Multiple Vulnerabilities | Nessus | Windows | critical |
| 96774 | Mozilla Firefox < 51 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 96773 | Mozilla Firefox ESR 45.x < 45.7 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 96743 | FreeBSD : mozilla -- multiple vulnerabilities (e60169c4-aa86-46b0-8ae2-0d81f683df09) | Nessus | FreeBSD Local Security Checks | critical |