Описание
Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code.
Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-7185
- https://bugzilla.mozilla.org/show_bug.cgi?id=1149000
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html
- http://www.mozilla.org/security/announce/2015/mfsa2015-119.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securitytracker.com/id/1034069
EPSS
CVE ID
Связанные уязвимости
Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code.
Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code.
Mozilla Firefox before 42.0 on Android does not ensure that the addres ...
Уязвимость браузера Firefox, позволяющая нарушителю подменить адресную строку
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss, xulrunner, seamonkey
EPSS