Mozilla Firefox for Android < 41.0 Unknown Protocol Pasted URL Handling Spoofing
Medium Nessus Network Monitor Plugin ID 9017
SynopsisThe remote Android host was detected using an outdated version of Mozilla Firefox which is vulnerable to a pasted URL spoofing attack.
DescriptionVersions of Mozilla Firefox for Android earlier than 41.0 are affected by a flaw in 'mobile/android/base/IntentHelper.java' that is triggered when loading a URI with a custom scheme. This may allow a context-dependent attacker to spoof content to the address bar. (CVE-2015-4476)
SolutionUpgrade to Mozilla Firefox 41.0 or later from the Google Play app store.