Articles récents

Catégories

icon_firefox[CVE-2018-12382] Addressbar spoofing with javascript URI on Firefox for Android


https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12382

CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for Android


Announced: September 5, 2018
Reporter: Jordi Chancel
Impact: Low
Products: Firefox
Fixed in: Firefox 62


  • Description :

The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion.
This vulnerability only affects Firefox for Android.


Vulnerability demonstration (video):