Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Firefox for Android < 41.0 Unknown Protocol Pasted URL Handling Spoofing

Medium

Synopsis

The remote Android host was detected using an outdated version of Mozilla Firefox which is vulnerable to a pasted URL spoofing attack.

Description

Versions of Mozilla Firefox for Android earlier than 41.0 are affected by a flaw in 'mobile/android/base/IntentHelper.java' that is triggered when loading a URI with a custom scheme. This may allow a context-dependent attacker to spoof content to the address bar. (CVE-2015-4476)

Solution

Upgrade to Mozilla Firefox 41.0 or later from the Google Play app store.