Remote Spoofing Vulnerability in Firefox for Android by Mozilla
CVE-2016-1940

5.3MEDIUM

Key Information:

Vendor

Google
Status
Android
Firefox
Vendor
CVE Published:
31 January 2016

What is CVE-2016-1940?

Mozilla Firefox versions prior to 44.0 on Android contain a vulnerability that allows remote attackers to spoof the address bar. This occurs through mishandling of data: URLs during both shortcut opening and bookmark intent processing, which can mislead users by showing inaccurate addresses. This issue highlights the importance of proper URL handling in mobile applications to prevent potential exploitation.

References

http://www.securitytracker.com/id/1034825
vdb-entryx_refsource_SECTRACK
https://bugzilla.mozilla.org/show_bug.cgi?id=1208525
x_refsource_CONFIRM
http://www.mozilla.org/security/announce/2016/mfsa2016-05...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.