Mozilla Foundation Security Advisory 2014-40

Firefox for Android addressbar suppression

Announced: April 29, 2014
Reporter: Juho Nurminen
Impact: Moderate
Products: Firefox
Fixed in: Firefox 29

Description

Security researcher Juho Nurminen reported that on Firefox for Android, when the addressbar has been scrolled off screen, an attacker can prevent it from rendering again through the use of script interacting with DOM events. This allows an attacker to present a fake addressbar to the user, possibly leading to successful phishing attacks.
