CVE-2018-12382
Last modified
CVE-2018-12382 is a vulnerability of currently unknown severity. The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. EPSS estimates a 1.68% chance of exploitation in the next 30 days.
Description
The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only affects Firefox for Android < 62.*
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 62.0 |
References
- http://www.securityfocus.com/bid/105276Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1041610Third Party Advisory, VDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1479311Exploit, Issue Tracking, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-20/Vendor Advisory
- http://www.securityfocus.com/bid/105276Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1041610Third Party Advisory, VDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1479311Exploit, Issue Tracking, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-20/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-12382?
How severe is CVE-2018-12382?
How do I fix CVE-2018-12382?
Are you affected by CVE-2018-12382?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST