CVE-2017-5452: Input Validation

Reference Links

• https://bugzilla.mozilla.org/show_bug.cgi?id=1344517
• https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/
• https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5459
• http://www.securityfocus.com/bid/97940
• http://www.securitytracker.com/id/1038320
• https://www.mozilla.org/security/advisories/mfsa2017-10/

Parent vulnerabilities

(Appears in the following advisories)

• MFSA2017-10

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2017-5433
• CVE-2017-5435
• CVE-2017-5436
• CVE-2017-5461
• CVE-2017-5459
• CVE-2017-5466
• CVE-2017-5434
• CVE-2017-5432
• CVE-2017-5460
• CVE-2017-5438
• CVE-2017-5439
• CVE-2017-5440
• CVE-2017-5441
• CVE-2017-5442
• CVE-2017-5464
• CVE-2017-5443
• CVE-2017-5444
• CVE-2017-5446
• CVE-2017-5447
• CVE-2017-5465
• CVE-2017-5448
• CVE-2016-10196
• CVE-2017-5454
• CVE-2017-5455
• CVE-2017-5456
• CVE-2017-5469
• CVE-2017-5445
• CVE-2017-5449
• CVE-2017-5450
• CVE-2017-5451
• CVE-2017-5462
• CVE-2017-5463
• CVE-2017-5467
• CVE-2017-5452
• CVE-2017-5453
• CVE-2017-5458
• CVE-2017-5468
• CVE-2017-5430
• CVE-2017-5429

Frequently Asked Questions

• What is the severity of CVE-2017-5452?

  CVE-2017-5452 has a severity rating of medium, as it allows malicious sites to spoof the address bar on Firefox for Android.

• How can I mitigate CVE-2017-5452?

  To address CVE-2017-5452, users should update Firefox for Android to version 54 or later, as the vulnerability is fixed in this release.

• Who is affected by CVE-2017-5452?

  CVE-2017-5452 specifically affects users of Firefox for Android versions below 54.

• What kind of attack does CVE-2017-5452 enable?

  CVE-2017-5452 enables attackers to display a spoofed address bar, potentially misleading users about the true identity of a website.

• Is CVE-2017-5452 affecting other operating systems?

  No, CVE-2017-5452 only impacts Firefox for Android and does not affect other operating systems.