Main Vulnerability Database Vulnerabilities #VU6356

#VU6356 Address bar spoofing in Mozilla Firefox - CVE-2017-5451

Published: April 20, 2017

Vulnerability identifier: #VU6356

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-5451

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to spoof browser address bar.

The vulnerability exists due to an error when processing onblur event. A remote attacker can spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar.

This vulnerability affects only Firefox for Android.

Remediation

Update to Firefox 53.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/

#VU6356 Address bar spoofing in Mozilla Firefox - CVE-2017-5451

Description

Remediation

External links

Please verify you're human