CVE-2016-9065: Input Validation
The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking the exit from fullscreen, and creating a fake location bar, all without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2016-5296
- CVE-2016-5292
- CVE-2016-5293
- CVE-2016-5294
- CVE-2016-5297
- CVE-2016-9064
- CVE-2016-9065
- CVE-2016-9066
- CVE-2016-9067
- CVE-2016-9068
- CVE-2016-9072
- CVE-2016-9075
- CVE-2016-9077
- CVE-2016-5291
- CVE-2016-5295
- CVE-2016-5298
- CVE-2016-5299
- CVE-2016-9061
- CVE-2016-9062
- CVE-2016-9070
- CVE-2016-9073
- CVE-2016-9074
- CVE-2016-9076
- CVE-2016-9063
- CVE-2016-9071
- CVE-2016-5289
- CVE-2016-5290
Frequently Asked Questions
What is CVE-2016-9065?
CVE-2016-9065 is a vulnerability in Firefox for Android that allows spoofing of the location bar by forcing a user into fullscreen mode and creating a fake location bar without user notification.
Which versions of Firefox are affected by CVE-2016-9065?
Firefox for Android versions up to (but not including) 50 are affected by CVE-2016-9065.
What is the severity of CVE-2016-9065?
CVE-2016-9065 has a severity rating of high (CVSS score of 7).
How can I fix CVE-2016-9065?
To fix CVE-2016-9065, update Firefox on your Android device to version 50 or newer.
Where can I find more information about CVE-2016-9065?
You can find more information about CVE-2016-9065 at the following URLs: [Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1306696), [Mozilla Security Advisory](https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/), and [SecurityFocus](http://www.securityfocus.com/bid/94342).