Mozilla Foundation Security Advisory 2014-40

Firefox for Android addressbar suppression

Announced

April 29, 2014

Reporter

Juho Nurminen

Impact

Moderate

Products

Firefox

Fixed in

Firefox 29

Description

Security researcher Juho Nurminen reported that on Firefox for Android, when the addressbar has been scrolled off screen, an attacker can prevent it from rendering again through the use of script interacting DOM events. This allows an attacker to present a fake addressbar to the user, possibly leading to successful phishing attacks.

References

Preventing scrolling also prevents re-showing hidden address bar (CVE-2014-1527)

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2014-40

Firefox for Android addressbar suppression

Description

References