The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56.
Base Score: 5
Impact Score: 2.9
Exploitability Score: 10
Base Score: 5.3
Impact Score: 1.4
Exploitability Score: 3.9
|700321||Mozilla Firefox < 56 Multiple Vulnerabilities||Nessus Network Monitor||Web Clients|
|103680||Mozilla Firefox < 56 Multiple Vulnerabilities||Nessus||Windows|
|103678||Mozilla Firefox < 56 Multiple Vulnerabilities (macOS)||Nessus||MacOS X Local Security Checks|
|103556||FreeBSD : mozilla -- multiple vulnerabilities (1098a15b-b0f6-42b7-b5c7-8a8646e8be07)||Nessus||FreeBSD Local Security Checks|