Address bar spoofing in Mozilla Firefox - CVE-2017-5450

 


Published: April 19, 2017 / Updated: April 20, 2017


Vulnerability identifier: #VU6338
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-5450
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to spoof the browser address bar.

The vulnerability exists due to an error when processing a javascript: URI. A remote attacker can spoof the address bar through user interaction with the address bar combined with the onblur event. A script can use the event to alter the displayed text so that the address bar shows a site different from the one actually loaded.

This vulnerability affects only Firefox for Android.


How to mitigate CVE-2017-5450

Update to Firefox 53.
