Articles récents

Catégories

juin 2017

icon_firefox[CVE-2017-7770] Addressbar spoofing with JavaScript events and fullscreen mode on Firefox for Android

https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7770 Addressbar spoofing with JavaScript events and fullscreen mode Announced: June 13, 2017 Reporter: Jordi Chancel Impact: Moderate Products: Firefox Fixed in: Firefox 54 Description : Security researcher Jordi Chancel reported a mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to displayed a spoofed addressbar, showing the location of