Main Vulnerability Database Vulnerabilities #VU6356

Address bar spoofing in Mozilla Firefox - CVE-2017-5451

Published: April 20, 2017

Vulnerability identifier: #VU6356

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-5451

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to spoof browser address bar.

The vulnerability exists due to an error when processing onblur event. A remote attacker can spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar.

This vulnerability affects only Firefox for Android.

How to mitigate CVE-2017-5451

Update to Firefox 53.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/

Address bar spoofing in Mozilla Firefox - CVE-2017-5451

Detailed vulnerability description

How to mitigate CVE-2017-5451

Sources

Please verify you're human