Описание
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| firefox | fixed | 51.0-1 | package | |
| firefox-esr | fixed | 45.7.0esr-1 | package | |
| icedove | fixed | 1:45.7.1-1 | package |
Примечания
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5383
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5383
https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5383
EPSS
Связанные уязвимости
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
EPSS