Address bar spoofing vulnerability in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7

Address bar spoofing vulnerability in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7

CVE-2016-1965 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.

Learn more about our Web Application Penetration Testing UK.