CVE-2017-5383

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-5383

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5383.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-5383

Downstream

DEBIAN-CVE-2017-5383

DLA-800-1

DLA-896-1

DSA-3771-1

DSA-3832-1

RHSA-2017:0190

RHSA-2017:0238

SUSE-SU-2017:0426-1

SUSE-SU-2017:0427-1

UBUNTU-CVE-2017-5383

USN-3165-1

USN-3175-1

openSUSE-SU-2017:0354-1

openSUSE-SU-2017:0357-1

openSUSE-SU-2024:10600-1

openSUSE-SU-2024:10601-1

openSUSE-SU-2024:14572-1

Related

Published

2018-06-11T21:29:03Z

Modified

2025-08-09T20:01:25Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

References

Affected packages