Articles récents

Catégories

avril 2017

icon_firefox[CVE-2017-5451] Addressbar spoofing with onblur event

Addressbar spoofing with onblur event https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5451 Announced: April 19, 2017 Reporter: Jordi Chancel Impact: Moderate Products: Firefox Fixed in: Firefox 53 Description : Security researcher Jordi Chancel reported a mechanism to spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded

icon_firefox[CVE-2017-5452] Addressbar spoofing during scrolling with editable content on Firefox for Android

Addressbar spoofing during scrolling with editable content on Firefox for Android https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5452 Announced: April 19, 2017 Reporter: Jordi Chancel Impact: Low Products: Firefox Fixed in: Firefox 53 Description : Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android.