Articles récents

Catégories

septembre 2015

icon_firefox[CVE 2015-4476] Site attribute spoofing on Android by pasting URL with unknown scheme

Site attribute spoofing on Android by pasting URL with unknown scheme Announced: September 22, 2015 Reporter: Jordi Chancel Impact: Moderate Products: Firefox Fixed in: Firefox 41 Description Security researcher Jordi Chancel reported that on Firefox for Android, when a URL is pasted with an unknown protocol, such assecure: orhttpz:, the pasted URL is shown in the addressbar but no navigation occurs. Other addressbar attributes present before this pasted URL is