Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2016-2822

Source

Mozilla Foundation Security Advisory 2016-52

Addressbar spoofing though the SELECT element

Announced

June 7, 2016

Reporter

Jordi Chancel

Impact

Moderate

Products

Firefox, Firefox ESR

Fixed in

Firefox 47
Firefox ESR 45.2

Description

Security researcher Jordi Chancel reported a method to spoof the contents of the addressbar. This uses a persistent menu within a <select> element, which acts as a container for HTML content and can be placed in an arbitrary location. When placed over the addressbar, this can mask the true site URL, allowing for spoofing by a malicious site.

References

Firefox Navigation from a page with an active dropdown menu can be used for spoofing (CVE-2016-2822)

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Addressbar spoofing though the SELECT element

Addressbar spoofing though the SELECT element

Description

References

Vulmon Search

About

Products

Connect