Open Redirect Vulnerability in Firefox for Android
CVE-2024-8897

6.1MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox For Android
Vendor: CVE Published:; 17 September 2024

Summary

An open redirect vulnerability in Firefox for Android allows attackers to exploit the redirect functionality of trusted websites. This leads to the potential spoofing of the browser's address bar, making it difficult for users to discern whether they are on a legitimate site or a malicious one. Attackers could redirect users to fraudulent websites that mimic trusted addresses, thereby increasing the risk of phishing attacks and unauthorized data acquisition. This issue specifically affects versions of Firefox for Android prior to 130.0.1, highlighting the importance of timely updates and awareness of security practices to mitigate such risks.

Affected Version(s)

Firefox for Android < 130.0.1

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1862537

https://www.mozilla.org/security/advisories/mfsa2024-45/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 17, 2024