Archive for November 2016

[CVE-2016-5298] SSL indicator can mislead the user about the real URL visited




Announced: November 15, 2016
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox
Fixed in: Firefox 50


  • Description:

Security researcher Jordi Chancel reported a mechanism where disruption of the loading of a new web page can cause the previous page’s favicon and SSL indicator to not be reset when the new page is loaded.


Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected.


Vulnerability demonstration (video):