Android intents can be used to launch Firefox for Android in reader mode
with a user specified URL. This allows an attacker to spoof the contents of
the addressbar as displayed to users. Note: This attack only affects
Firefox for Android. Other operating systems are not affected. This
vulnerability affects Firefox < 53.
Author | Note |
---|---|
chrisccoulson | Android only |