Address bar spoofing in Firefox Lite for Android

…and the idiocy that followed

Video demo — https://youtu.be/wzpteHxAQSw

Thanks for the notification, — REDACTED — ! we’ll prioritize this issue in the sprint planning later today. — REDACTED —

Hi folks,
Per the given information and testing result, this issue is reproducible only on old webview versions (70).
Users has to update Chrome and Firefox Lite to latest version so that they get better security.
And then the coming tricky problem is we don’t have good position to prompt users to update their Chrome.
As we have very small user base hanging on that (or older) version so the impact is fairly limited.
That said, we don’t see immediate action to take on this issue.

Originally published on Tinkering the kernel.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Piyush Raj ~ Rex

Google Code-In C. Winner. GsOCer ‘19. Independent Security Researcher. Have hacked Medium, Mozilla, Opera & many more. Personal Website: https://0x48piraj.com