Описание
The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability affects Firefox < 144.
Ссылки
- Issue TrackingPermissions Required
- Issue TrackingPermissions Required
- Vendor Advisory
Уязвимые конфигурации
Одновременно
EPSS
8.1 High
CVSS3
Дефекты
Связанные уязвимости
The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability affects Firefox < 144.
The Firefox and Firefox Focus UI for the Android custom tab feature on ...
The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability affects Firefox < 144.
Уязвимость пользовательского интерфейса браузеров Mozilla Firefox и Firefox Focus, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации
EPSS
8.1 High
CVSS3