First published: Wed Sep 05 2018(Updated: )
The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only affects Firefox for Android < 62.*
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | <62 | 62 |
Mozilla Firefox | =62.0 | |
Google Android |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2018-12382 has a medium severity rating due to its potential to confuse users.
To mitigate CVE-2018-12382, users should upgrade to Mozilla Firefox version 63 or later.
CVE-2018-12382 affects Mozilla Firefox version 62 and earlier.
CVE-2018-12382 can lead to user confusion by spoofing the displayed URL in the address bar.
No, CVE-2018-12382 specifically affects Firefox for Android.