U-237: Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability

August 16, 2012 - 7:00am

PROBLEM:
 

Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability

PLATFORM:
 

Version(s): Mozilla Firefox 6 - 12

ABSTRACT:
 

To exploit this issue, an attacker must entice an unsuspecting user to follow a crafted URI.

REFERENCE LINKS:

http://www.securityfocus.com/bid/54585
CVE-2012-1950

IMPACT ASSESSMENT:

Medium

Discussion:

The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. Mozilla Firefox is prone to a URI-spoofing vulnerability. Attackers may exploit this issue to display arbitrary content with a spoofed URI. Successfully exploiting this issue may aid in phishing attacks.

Impact:

Attackers may exploit this issue to display arbitrary content with a spoofed URI. Successfully exploiting this issue may aid in phishing attacks.

Solution:

Updates are available from the vendor. This issue is fixed in:

Firefox 14
Firefox ESR 10.0.6

Mozilla Firefox Homepage