5.3

CVE-2018-12382

Exploit
The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only affects Firefox for Android < 62.*
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version62.0
   GoogleAndroid Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.68% 0.739
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1041610
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/105276
Third Party Advisory
VDB Entry
https://www.mozilla.org/security/advisories/mfsa2018-20/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1479311
Vendor Advisory
Exploit
Issue Tracking