Address bar spoofing in Mozilla Firefox - CVE-2017-5452

 


Published: April 19, 2017


Vulnerability identifier: #VU6342
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-5452
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to spoof the browser address bar.

The vulnerability exists due to an error during scrolling with editable content. A malicious site can display a spoofed address bar on a page when the existing location bar on the new page is scrolled out of view, if an HTML editable page element is selected by the user.

This vulnerability affects only Firefox for Android.


How to mitigate CVE-2017-5452

Update to Firefox 53.
