Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox_esr | Mozilla | 38.0 | 38.0 |
Firefox_esr | Mozilla | 38.2.1 | 38.2.1 |
Firefox_esr | Mozilla | 38.1.0 | 38.1.0 |
Firefox_esr | Mozilla | 38.2.0 | 38.2.0 |
Firefox_esr | Mozilla | 38.6.1 | 38.6.1 |
Firefox_esr | Mozilla | 38.4.0 | 38.4.0 |
Firefox_esr | Mozilla | 38.3.0 | 38.3.0 |
Firefox_esr | Mozilla | 38.5.1 | 38.5.1 |
Firefox_esr | Mozilla | 38.0.5 | 38.0.5 |
Firefox_esr | Mozilla | 38.0.1 | 38.0.1 |
Firefox_esr | Mozilla | 38.5.0 | 38.5.0 |
Firefox_esr | Mozilla | 38.6.0 | 38.6.0 |
Firefox_esr | Mozilla | 38.1.1 | 38.1.1 |
Firefox | Mozilla | * | 44.0.2 |