CVE-2017-5383
CVSS 3.1: 5.3 (MEDIUM)
EPSS: 2.0%
Description
URLs containing certain Unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
How to fix CVE-2017-5383
To remediate CVE-2017-5383, upgrade the affected package to a fixed version below.
- Debian/firefox-esr: upgrade to 45.7.0esr-1 or later
Is CVE-2017-5383 being exploited?
Low — EPSS is 2.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 45.7.0esr-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |