Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2015-7191

Source

Mozilla Foundation Security Advisory 2015-125

XSS attack through intents on Firefox for Android

Announced

November 3, 2015

Reporter

Muneaki Nishimura

Impact

High

Products

Firefox

Fixed in

Firefox 42

Description

Security researcher Muneaki Nishimura reported that on Firefox for Android that it is possible to create a cross-site script (XSS) attack through the use of Android intents and fallback navigation. This issue is caused by improper sterilization of opened addresses sent to Firefox through intents.

This issue only affects Firefox for Android. Firefox on other operating systems is not affected.

References

Universal XSS in intent: URL on Fennec (CVE-2015-7191)

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

XSS attack through intents on Firefox for Android

XSS attack through intents on Firefox for Android

Description

References

Vulmon Search

About

Products

Connect