Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2015-7185

Description

Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code.

POC

Reference

- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

- https://bugzilla.mozilla.org/show_bug.cgi?id=1149000

Github

No PoCs found on GitHub currently.