Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
AV:N/AC:L/Au:N/C:N/I:P/A:N
Vendors | Products |
---|---|
Oracle |
|
|
|
Mozilla |
|
Fedoraproject |
|
Configuration 1 [-]
|
Configuration 2 [-]
AND |
|
Configuration 3 [-]
|
References
Link | Resource |
---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html | Third Party Advisory |
http://www.mozilla.org/security/announce/2014/mfsa2014-40.html | Vendor Advisory |
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | Third Party Advisory |
http://www.securitytracker.com/id/1030163 | Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=960146 | Issue Tracking |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2014-04-30T10:00:00
Updated: 2016-09-30T12:57:01
Reserved: 2014-01-16T00:00:00
Link: CVE-2014-1527
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-04-30T10:49:04.910
Modified: 2016-11-17T12:33:36.827
Link: CVE-2014-1527
JSON object: View
Redhat Information
No data.
CWE