CVE-2017-5463 — Improper Input Validation in Mozilla Firefox

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.8%

top 26.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedJun 11

Latest updateMay 14

Description

Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5mozilla/firefoxunspecified — 53

▶NVDmozilla/firefox< 53.0

▶debiandebian/firefox

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-vg32-fmv3-phhm: Android intents can be used to launch Firefox for Android in reader mode with a user specified URL↗2022-05-14

▶

📋Vendor Advisories

Debian

CVE-2017-5463: firefox - Android intents can be used to launch Firefox for Android in reader mode with a ...↗2017

▶

💬Community

Bugzilla

Address bar spoof in reader mode↗2017-04-20

▶