A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack.
*Note: This issue only affected Android operating systems. Other operating syst
A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 1
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Fire
Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox
In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability was fixed in Firefox 141.
When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
When redirecting to an invalid protocol scheme, an attacker could spoof the address bar.
*Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vuln
Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a m
When using an invalid protocol scheme, an attacker could spoof the address bar.
*Note: This issue only affected Android operating systems. Other operating systems are unaffected.*
*Note: This issue i
Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity:
Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to serve
Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: M
A vulnerability was found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The man
Inappropriate implementation in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Med
Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium s
Page 1+ Next →