PROBLEM:
Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability
PLATFORM:
Version(s): Mozilla Firefox 6 - 12
ABSTRACT:
To exploit this issue, an attacker must entice an unsuspecting user to follow a crafted URI.
REFERENCE LINKS:
http://www.securityfocus.com/bid/54585
CVE-2012-1950
IMPACT ASSESSMENT:
Medium
Discussion:
The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. Mozilla Firefox is prone to a URI-spoofing vulnerability. Attackers may exploit this issue to display arbitrary content with a spoofed URI. Successfully exploiting this issue may aid in phishing attacks.
Impact:
Attackers may exploit this issue to display arbitrary content with a spoofed URI. Successfully exploiting this issue may aid in phishing attacks.
Solution:
Updates are available from the vendor (Mozilla Firefox Homepage). This issue is fixed in Firefox 14 and Firefox ESR 10.0.6.
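Added example (not part of the original bulletin or any Mozilla tooling): a small Python check that classifies installed Firefox versions against the affected range given in the Discussion section and the fixed versions given in the Solution section. It shows why a plain "older than 14" test misreports patched ESR 10.0.6+ installs. The inventory rows, host names and function names are constructed for illustration, and ESR builds are assumed to be identified by an "esr" suffix or an explicit flag.

```python
import re

FIXED_RELEASE = (14, 0, 0)   # "Firefox 14" from the Solution section
FIXED_ESR = (10, 0, 6)       # "Firefox ESR 10.0.6" from the Solution section
FIRST_AFFECTED_MAJOR = 4     # "4.x through 13.0" from the Discussion section


def parse_version(text):
    """Turn '10.0.5esr' or '13.0' into a 3-tuple of ints, or None if unparseable."""
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:esr)?", text.strip().lower())
    if not m:
        return None
    return tuple(int(part) if part else 0 for part in m.groups())


def classify(version_text, esr=False):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown' for one install."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    esr = esr or version_text.strip().lower().endswith("esr")
    if esr and version[0] == 10:
        # The ESR 10.x branch is fixed at 10.0.6, well below release 14.
        return "fixed" if version >= FIXED_ESR else "affected"
    if version >= FIXED_RELEASE:
        return "fixed"
    if version[0] >= FIRST_AFFECTED_MAJOR:
        # Assumption: point releases below 14 (e.g. 13.0.1) count as affected.
        return "affected"
    return "not-listed"  # older than the range the bulletin states


# Constructed sample inventory rows: (host, reported Firefox version)
INVENTORY = [
    ("ws-01", "13.0"),
    ("ws-02", "10.0.5esr"),
    ("ws-03", "10.0.6esr"),
    ("ws-04", "14.0.1"),
    ("ws-05", "3.6.28"),
    ("ws-06", "nightly"),
]


def affected_hosts(rows):
    """Hosts whose reported version falls in the affected range."""
    return [host for host, version in rows if classify(version) == "affected"]


if __name__ == "__main__":
    for host, version in INVENTORY:
        print(f"{host:6} {version:10} {classify(version)}")
```

If the inventory source does not record the update channel, a 10.0.6 or later install is reported as affected unless `esr=True` is passed.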