Mozilla Foundation Security Advisory 2013-105

Application Installation doorhanger persists on navigation

Announced

December 10, 2013

Reporter

Myk Melez

Impact

Moderate

Products

Firefox

Fixed in

Firefox 26

Description

Mozilla developer Myk Melez reported that with specifically timed page navigation, the doorhanger notification for Web App installation could persist from one site to another without being dismissed by the navigation. This could be used by a malicious site to trick a user into installing an application from one site while making it appear to come from another.

References

Install App doorhanger remains visible when installing page immediately loads another page (CVE-2013-5611)

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2013-105

Application Installation doorhanger persists on navigation

Description

References