Mozilla Foundation Security Advisory 2024-45

Security Vulnerabilities fixed in Firefox for Android 130.0.1

Announced: September 17, 2024
Impact: high
Products: Firefox for Android
Fixed in: Firefox for Android 130.0.1

CVE-2024-8897: Address bar spoofing after server-side redirect

Reporter: Thomas Orlita
Impact: high
Description

Under certain conditions, an attacker able to redirect users to a malicious site via an open redirect on a trusted site may be able to spoof the address bar contents. This can cause a malicious site to appear to have the same URL as the trusted site.
This bug only affects Firefox for Android. Other versions of Firefox are unaffected.

References