Articles récents

Catégories

janvier 2017

icon_firefox[CVE-2017-5394] Android location bar spoofing using fullscreen and JavaScript events

Android location bar spoofing using fullscreen and JavaScript events Announced: January 24, 2017 Reporter: Jordi Chancel Impact: Moderate Products: Firefox Fixed in: Firefox 51 Description : A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are

icon_firefox[CVE-2017-5395] Android location bar spoofing during scrolling

Android location bar spoofing during scrolling Announced: January 24, 2017 Reporter: Jordi Chancel Impact: Low Products: Firefox Fixed in: Firefox 51 Description : Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are