Vulnerability CVE-2017-5451: Information

Description

A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-5451
Published: June 12, 2018
Modified: Aug. 9, 2018
Error type identifier: CWE-20

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus53.0.2-alt1126.0.1-alt1ALT-PU-2017-1577-1182567Fixed
firefoxp1053.0.2-alt1118.0.2-alt0.p10.1ALT-PU-2017-1577-1182567Fixed
firefoxp953.0.2-alt1105.0.1-alt0.c9.1ALT-PU-2017-1577-1182567Fixed
firefoxp853.0.2-alt0.M80P.168.0.1-alt0.M80P.1ALT-PU-2017-1579-1182593Fixed
firefoxc10f153.0.2-alt1112.0.2-alt0.p10.1ALT-PU-2017-1577-1182567Fixed
firefoxc9f253.0.2-alt1105.0.1-alt0.c9.1ALT-PU-2017-1577-1182567Fixed
firefoxc760.6.1-alt0.M70C.160.8.0-alt0.M70C.1ALT-PU-2019-1726-1218597Fixed
firefoxp1153.0.2-alt1126.0.1-alt1ALT-PU-2017-1577-1182567Fixed
firefox-esrsisyphus52.1.1-alt1115.11.0-alt1ALT-PU-2017-1578-1182570Fixed
firefox-esrp1052.1.1-alt1115.11.0-alt1ALT-PU-2017-1578-1182570Fixed
firefox-esrp952.1.1-alt1102.11.0-alt0.c9.1ALT-PU-2017-1578-1182570Fixed
firefox-esrp852.3.0-alt0.M80P.168.4.1-alt0.M80P.1ALT-PU-2017-2230-1188380Fixed
firefox-esrc10f152.1.1-alt1115.9.1-alt0.c10.1ALT-PU-2017-1578-1182570Fixed
firefox-esrc9f252.1.1-alt1102.12.0-alt0.c9.1ALT-PU-2017-1578-1182570Fixed
firefox-esrp1152.1.1-alt1115.11.0-alt1ALT-PU-2017-1578-1182570Fixed
thunderbirdsisyphus52.1.0-alt1115.9.0-alt1ALT-PU-2017-1553-1182391Fixed
thunderbirdp1052.1.0-alt1115.9.0-alt1ALT-PU-2017-1553-1182391Fixed
thunderbirdp952.1.0-alt1102.11.0-alt0.c9.1ALT-PU-2017-1553-1182391Fixed
thunderbirdp852.3.0-alt0.M80P.160.8.0-alt0.M80P.1ALT-PU-2017-2238-1188382Fixed
thunderbirdc10f152.1.0-alt1115.9.0-alt0.c10.1ALT-PU-2017-1553-1182391Fixed
thunderbirdc9f252.1.0-alt1102.11.0-alt0.c9.1ALT-PU-2017-1553-1182391Fixed
thunderbirdc760.8.0-alt0.M70C.160.8.0-alt0.M70C.1ALT-PU-2019-2345-1234994Fixed
thunderbirdp1152.1.0-alt1115.9.0-alt1ALT-PU-2017-1553-1182391Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.mozilla.org/security/advisories/mfsa2017-13/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-12/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-10/
  • Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1273537
  • Exploit
  • Issue Tracking
  • Patch
  • Vendor Advisory
RHSA-2017:1201
  • Third Party Advisory
RHSA-2017:1106
  • Third Party Advisory
1038320
  • Third Party Advisory
  • VDB Entry
97940
  • Third Party Advisory
  • VDB Entry

    1. Configuration 1

      cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

      Configuration 2

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excliding
      53.0

      Configuration 3

      cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
      End excliding
      52.1.0

      Configuration 4

      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      End excliding
      52.1.0
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top