icon_firefox[CVE-2017-5394] Android location bar spoofing using fullscreen and JavaScript events


Android location bar spoofing using fullscreen and JavaScript events


Announced: January 24, 2017
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox
Fixed in: Firefox 51


  • Description :

A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode.


Note: This issue only affects Firefox for Android. Other operating systems are not affected.


Vulnerability demonstration (video):


Comments are closed.