Vulnerability Description
Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Fedora | 19 |
| Mozilla | Firefox | <= 28.0 |
| Google | Android | All versions |
| Oracle | Solaris | 11.3 |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html (Third Party Advisory)
- http://www.mozilla.org/security/announce/2014/mfsa2014-40.html (Vendor Advisory)
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (Third Party Advisory)
- http://www.securitytracker.com/id/1030163 (Third Party Advisory, VDB Entry)
- https://bugzilla.mozilla.org/show_bug.cgi?id=960146 (Issue Tracking)
FAQ
What is CVE-2014-1527?
CVE-2014-1527 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scro...
How severe is CVE-2014-1527?
CVE-2014-1527 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1527?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Mozilla Firefox, Google Android, Oracle Solaris.