icon_firefox[CVE-2017-5395] Android location bar spoofing during scrolling


Android location bar spoofing during scrolling


Announced: January 24, 2017
Reporter: Jordi Chancel
Impact: Low
Products: Firefox
Fixed in: Firefox 51


  • Description :

Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly.


Note: This issue only affects Firefox for Android. Other operating systems are not affected.


Vulnerability demonstration (video):


Comments are closed.