CVE-2017-5383
Publication date 25 January 2017
Last updated 24 July 2024
Ubuntu priority
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| firefox | ||
| 16.04 LTS xenial |
Fixed 51.0.1+build2-0ubuntu0.16.04.1
|
|
| 14.04 LTS trusty |
Fixed 51.0.1+build2-0ubuntu0.14.04.1
|
|
| thunderbird | ||
| 16.04 LTS xenial |
Fixed 1:45.7.0+build1-0ubuntu0.16.04.1
|
|
| 14.04 LTS trusty |
Fixed 1:45.7.0+build1-0ubuntu0.14.04.1
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.3 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-3175-1
- Firefox vulnerabilities
- 27 January 2017
- USN-3165-1
- Thunderbird vulnerabilities
- 28 January 2017