CVE-2017-5383
11.06.2018, 21:29
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux | 5.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_workstation | 5.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| mozilla | thunderbird | 𝑥 < 45.7.0 |
| mozilla | firefox | 𝑥 < 51.0 |
| mozilla | firefox | 𝑥 < 45.7.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||
| thunderbird |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MozillaFirefox |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| MozillaFirefox-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| MozillaFirefox-translations-common |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| MozillaFirefox-translations-other |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| MozillaThunderbird |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| MozillaThunderbird-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| MozillaThunderbird-translations-common |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| MozillaThunderbird-translations-other |
|
Red Hat Enterprise Linux Releases
Common Weakness Enumeration
References