Jordi Chancel

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 88 Firefox ESR versions prior to 78.10 Thunderbird versions prior to 78.10 Description: The issue is related to errors in saving permissions, which could allow a remote attacker to incorrectly assign a security certificate to an HTTP page, potentially spoofing the HTTPS browser padlock. This could occur through complicated navigations with new windows, where an HTTP page could inherit a secure lock icon from an HTTPS page. Recommendations: For Firefox versions prior to 88, update to version 88 or later to resolve the issue. For Firefox ESR versions prior to 78.10, update to version 78.10 or later to resolve the issue. For Thunderbird versions prior to 78.10, update to version 78.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox for Android versions prior to 62 **Description** The issue allows the displayed address bar URL to be spoofed, potentially leading to user confusion. This is achieved by using a javascript: URI in combination with JavaScript to insert text before the loaded domain name and scrolling the loaded domain out of view to the right. **Recommendations** For versions prior to 62, update to version 62 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 60 **Description** The issue is related to a lack of protection for internal data in the Firefox web browser. If a text string that is a filename in the operating system's native format is dragged and dropped onto the address bar, the specified local file will be opened, contrary to policy. This could potentially allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For versions prior to 60, update to version 60 or later to resolve the issue. As a temporary workaround, consider avoiding dragging and dropping filenames onto the address bar until a patch is available. Restrict access to sensitive local files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 54 **Description** A mechanism in Firefox for Android allows a malicious site to display a spoofed addressbar when entering fullscreen mode after loading a new tab through JavaScript events. This enables the malicious site to show the location of an arbitrary website instead of the one loaded. Desktop Firefox is unaffected. **Recommendations** For versions prior to 54, update to version 54 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 53 Description: A spoofing issue exists where malicious sites can display a fake address bar on a page when the actual location bar is scrolled out of view, but only if an HTML editable page element is user-selected. This issue specifically affects Firefox for Android, with other operating systems not being affected. Recommendations: For versions prior to 53, update to version 53 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 57 **Description** The issue is related to the implementation of the Content Security Policy (CSP) in Mozilla Firefox, specifically when loading "data:" URLs. This could allow a remote attacker to conduct cross-site scripting (XSS) attacks by bypassing the CSP, potentially executing JavaScript. **Recommendations** For versions prior to 57, update to version 57 or later to resolve the issue. As a temporary workaround, consider restricting the use of "data:" URLs in new tabs to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Firefox for Android versions prior to 51 Description: The issue is a location bar spoofing attack that occurs when a series of JavaScript events are combined with fullscreen mode, causing the location bar of a loaded page to be shown over the content of another tab. This problem is specific to Firefox for Android and does not affect other operating systems. Recommendations: For Firefox for Android versions prior to 51, update to version 51 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Firefox for Android versions prior to 51 Description: A spoofing issue exists where malicious sites can display a fake location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view, if navigations between pages can be timed correctly. This issue is specific to Firefox for Android and does not affect other operating systems. Recommendations: For Firefox for Android versions prior to 51, update to version 51 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 50 Firefox for Android versions prior to 50 **Description** A mechanism exists where the disruption of loading a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. This issue only affects Firefox for Android, with desktop Firefox being unaffected. **Recommendations** For Firefox versions prior to 50, update to version 50 or later to resolve the issue. For Firefox for Android versions prior to 50, update to version 50 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 47.0 Mozilla Firefox ESR versions 45.x prior to 45.2 **Description** The issue allows remote attackers to spoof the address bar. This can be achieved via a SELECT element with a persistent menu. **Recommendations** For versions prior to 47.0, update to version 47.0 or later. For Firefox ESR versions 45.x prior to 45.2, update to version 45.2 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 52.1 Firefox ESR versions prior to 52.1 Firefox versions prior to 53 **Description** The issue is related to a mechanism that allows spoofing the address bar through user interaction on the address bar and the `onblur` event. This could be used by a script to affect text display, making the loaded site appear different from the one actually loaded within the address bar. The vulnerability is associated with insufficient input validation, which may allow a remote attacker to conduct spoofing attacks. **Recommendations** For Thunderbird versions prior to 52.1, update to version 52.1 or later. For Firefox ESR versions prior to 52.1, update to version 52.1 or later. For Firefox versions prior to 53, update to version 53 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 45.0 **Description** The issue is related to an incomplete restriction of IFRAME Resource Timing API times, allowing remote attackers to bypass the Same Origin Policy and obtain sensitive information. This can be achieved through crafted JavaScript code that leverages `history.back` and `performance.getEntries` calls after restoring a browser session. **Recommendations** For versions prior to 45.0, update to version 45.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of IFRAME elements and limiting access to the `performance.getEntries` function until a patch is applied. Avoid using the `history.back` function in conjunction with `performance.getEntries` calls after restoring a browser session to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 44.0 **Description** The issue allows remote attackers to conduct clickjacking attacks via a crafted web site. This is due to the file-download dialog enabling a certain button too quickly, triggering a single-click action in a situation where a double-click action was intended. **Recommendations** For versions prior to 44.0, update to version 44.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 44.0 on Android **Description** The issue allows remote attackers to spoof the address bar. This is achieved via the `scrollTo` method. **Recommendations** For versions prior to 44.0, update to version 44.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 44.0 **Description** The issue allows remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI. This can be achieved when a user assists the attack, potentially leading to misleading information being displayed in the address bar. **Recommendations** For versions prior to 44.0, update to version 44.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 42.0 on Android **Description** The issue is related to errors in security settings, allowing remote attackers to spoof the address bar via crafted JavaScript code. This can occur when the browser exits fullscreen mode and fails to restore the address bar properly. **Recommendations** For versions prior to 42.0, update to version 42.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 42.0 on Android **Description** The issue is related to a lack of protection for service data, which can be exploited by a remote attacker using a specially crafted HTML document. This can allow the attacker to bypass access control rules and compromise data privacy. The exploitation involves bypassing the Same Origin Policy, potentially leading to unauthorized actions such as triggering a download or reading cached profile data via a file: URL in a saved HTML document. **Recommendations** For Mozilla Firefox versions prior to 42.0 on Android, update to version 42.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of file: URLs in saved HTML documents to minimize the risk of exploitation. Restrict access to sensitive data and profile information until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 41.0 on Android **Description** The issue is related to errors in security settings, allowing a remote attacker to modify address-bar attributes after a user inputs a URL. This can be achieved by leveraging a lack of navigation after a paste of a URL with a nonstandard scheme, potentially allowing the spoofing of attributes such as SSL. **Recommendations** For Mozilla Firefox versions prior to 41.0 on Android, update to version 41.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 37.0 on OS X **Description** The issue allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element. This occurs because the software does not ensure that the cursor is visible. **Recommendations** For versions prior to 37.0 on OS X, update to version 37.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 25.0 Firefox ESR versions 24.x prior to 24.1 Thunderbird versions prior to 24.1 SeaMonkey versions prior to 2.22 **Description** The issue allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing the SELECT element implementation. This is due to the improper restriction of the nature or placement of HTML within a dropdown menu. **Recommendations** For Mozilla Firefox versions prior to 25.0, update to version 25.0 or later. For Firefox ESR versions 24.x prior to 24.1, update to version 24.1 or later. For Thunderbird versions prior to 24.1, update to version 24.1 or later. For SeaMonkey versions prior to 2.22, update to version 2.22 or later.