Mozilla Foundation Security Advisory 2016-83

Spoofing attack through text injection into internal error pages

Announced
August 2, 2016
Reporter
musicDespiteEverything
Impact
Low
Products
Firefox
Fixed in
  • Firefox 48

Description

Security researcher musicDespiteEverything reported that some of the special about: URLs used by Firefox to display system information or error messages can incorporate text passed as parmeters. These could be used in spoofing attacks.

References