Lucene search

PRIOn knowledge basePRION:CVE-2023-5732

HistoryOct 25, 2023 - 6:17 p.m.

Code injection

2023-10-2518:17:00

PRIOn knowledge base

www.prio-n.com

malicious link

bidirectional characters

address bar spoofing

firefox

thunderbird

vulnerability

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.5%

JSON

An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CPENameOperatorVersion
debian_linuxeq10.0
debian_linuxeq11.0
firefoxlt117.0
firefox_esrlt115.4.1
thunderbirdlt115.4.1

Name	Operator	Version
debian_linux	eq	10.0
debian_linux	eq	11.0
firefox	lt	117.0
firefox_esr	lt	115.4.1
thunderbird	lt	115.4.1

References

bugzilla.mozilla.org/show_bug.cgi?id=1690979

bugzilla.mozilla.org/show_bug.cgi?id=1836962

lists.debian.org/debian-lts-announce/2023/10/msg00037.html

lists.debian.org/debian-lts-announce/2023/10/msg00042.html

www.debian.org/security/2023/dsa-5535

www.debian.org/security/2023/dsa-5538

www.mozilla.org/security/advisories/mfsa2023-34/

www.mozilla.org/security/advisories/mfsa2023-46/

www.mozilla.org/security/advisories/mfsa2023-47/