Main Vulnerability Database Vulnerabilities #VU14640

#VU14640 Spoofing attack in Mozilla Firefox - CVE-2018-12382

Published: September 6, 2018

Vulnerability identifier: #VU14640

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-12382

CWE-ID: CWE-451

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to conduct spoofing attack on the target system.

The vulnerability exists due to an error when scrolling the loaded domain out of view to the right. A remote unauthenticated attacker can use a javascript: URI in concert with JavaScript to insert text before the loaded domain name and spoof the displayed addressbar URL on Firefox for Android.

Remediation

Update to version 62.0.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/

#VU14640 Spoofing attack in Mozilla Firefox - CVE-2018-12382

Description

Remediation

External links

Please verify you're human