Bug 1021838 (CVE-2017-5395) - VUL-0: CVE-2017-5395: MozillaFirefox: Android location bar spoofing during scrolling
Summary: VUL-0: CVE-2017-5395: MozillaFirefox: Android location bar spoofing during sc...
Status: RESOLVED WORKSFORME
Alias: CVE-2017-5395
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Android 5.0.x
: P5 - None : Minor
Target Milestone: ---
Assignee: Wolfgang Rosenauer
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 1021991
  Show dependency treegraph
 
Reported: 2017-01-25 09:09 UTC by Andreas Stieger
Modified: 2017-01-25 22:20 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2017-01-25 09:09:30 UTC 
Security vulnerabilities fixed in Firefox 51
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/

Discovered by: Jordi Chancel
Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected.

https://bugzilla.mozilla.org/show_bug.cgi?id=1293463
Comment 1 Andreas Stieger 2017-01-25 09:12:35 UTC 
Firefox 51 / openSUSE only. Does not affect SLE. Assigning to openSUSE maintainer.
Comment 2 Andreas Stieger 2017-01-25 09:19:19 UTC 
This issue only affects Firefox for Android. Other operating systems are not affected.