VDB

CVE-2018-5138

CVE-2018-5138 PUBLISHED

Reported by mozilla · Published June 11, 2018

A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note: this issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 59.

Affected Products

VendorProductVersions
MozillaFirefoxunspecified
MozillaFirefoxunspecified

Timeline

  • Jun 11, 2018 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score

References

  • 103386 vdb-entryx_refsource_BID
  • x_refsource_CONFIRM
  • 1040514 vdb-entryx_refsource_SECTRACK
  • x_refsource_CONFIRM
Open in Interactive Console →
$ Console Community · 100/wk Open console ›