Mozilla Firefox for Android < 41.0 Unknown Protocol Pasted URL Handling Spoofing

Medium Nessus Network Monitor Plugin ID 9017


The remote Android host was detected using an outdated version of Mozilla Firefox which is vulnerable to a pasted URL spoofing attack.


Versions of Mozilla Firefox for Android earlier than 41.0 are affected by a flaw in 'mobile/android/base/' that is triggered when loading a URI with a custom scheme. This may allow a context-dependent attacker to spoof content to the address bar. (CVE-2015-4476)


Upgrade to Mozilla Firefox 41.0 or later from the Google Play app store.


Plugin Details

Severity: Medium

ID: 9017

Published: 2015/12/07

Modified: 2015/12/07

Dependencies: 6534

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


CVSS v3

Base Score: 5.3

Temporal Score: 4.6


Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox_mobile

Patch Publication Date: 2015/09/22

Vulnerability Publication Date: 2015/07/27

Reference Information

CVE: CVE-2015-4476

BID: 76815