Addressbar spoofing during scrolling with editable content on Firefox for Android
Announced: April 19, 2017
Reporter: Jordi Chancel
Fixed in: Firefox 53
- Description :
Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected.
Note: This attack only affects Firefox for Android. Other operating systems are not affected.
Vulnerability demonstration (video):