CVE-2015-7185 — Mozilla Firefox vulnerability

CWE-2542 documents2 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 37.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedNov 5

Latest updateMay 17

Description

Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox41.0.2

🔴Vulnerability Details

GHSA

GHSA-w8qx-wh3f-f42p: Mozilla Firefox before 42↗2022-05-17

▶