CVE-2018-12382

Summary

The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. This vulnerability only affects Firefox for Android < 62.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 62affected

Weaknesses

  • Addressbar spoofing with javascript URI on Firefox for Android

ADP Enrichment

CVE Program Container

Additional References

References