Address bar spoofing in Mozilla Firefox - CVE-2017-5463

 


Published: April 19, 2017


Vulnerability identifier: #VU6340
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-5463
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to spoof the browser address bar.

The vulnerability exists due to an error when processing reader view. Android intents can be used to launch Firefox for Android in reader mode with a user-specified URL. This allows an attacker to spoof the contents of the address bar as displayed to users.

This vulnerability affects only Firefox for Android.


How to mitigate CVE-2017-5463

Update to Firefox 53.
