This repository has been archived by the owner on Jul 5, 2021. It is now read-only.

Firefox Lite Address Bar Spoofing with Secure Lock using Back or Forward Button

Moderate
st3fan published GHSA-h9mh-ffj3-rxxj Apr 6, 2021

Package

No package listed

Affected versions

< 2.6.1

Patched versions

2.6.1

Description

Impact

Users of Firefox Lite can be tricked into loading a web page that presents itself as a different page by modifying (spoofing) the URL shown in the location bar.

After the back button was pressed, Firefox Lite set the address bar to the previous webBackForwardList too early. As a result, the address bar changed before the actual page did, leaving the two out of sync. This allows for a URL spoofing attack.
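
The out-of-sync window described above, as a simplified model added here (not Firefox Lite's code or its actual fix). `Tab`, `EagerAddressBar`, `CommittedAddressBar` and the sample URLs are constructed for illustration, and updating the bar only once the page has committed is an assumed design.

```python
# Simplified model, constructed for illustration; not Firefox Lite code.
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Tab:
    """Back/forward list plus the document that is actually rendered."""
    history: List[str]              # URLs in the back/forward list
    index: int                      # entry whose document is on screen
    pending: Optional[int] = None   # entry being navigated to, not yet rendered

    @property
    def committed_url(self) -> str:
        return self.history[self.index]

    def go_back(self) -> None:
        # Navigation starts; the old document stays on screen until commit().
        if self.index > 0:
            self.pending = self.index - 1

    def commit(self) -> None:
        # The target document has now replaced the old one on screen.
        if self.pending is not None:
            self.index, self.pending = self.pending, None


class EagerAddressBar:
    """Behaviour the advisory describes: the bar changes on the button press."""
    def shown_url(self, tab: Tab) -> str:
        target = tab.pending if tab.pending is not None else tab.index
        return tab.history[target]


class CommittedAddressBar:
    """Assumed hardened design: the bar follows only the committed document."""
    def shown_url(self, tab: Tab) -> str:
        return tab.committed_url


def desync_states(bar) -> list:
    """Return (shown, rendered) pairs where the bar disagrees with the page."""
    tab = Tab(history=["https://first.example/", "https://second.example/"], index=1)
    mismatches = []
    for step in (tab.go_back, tab.commit):
        step()
        shown, rendered = bar.shown_url(tab), tab.committed_url
        if shown != rendered:
            mismatches.append((shown, rendered))
    return mismatches
```

The invariant checked by `desync_states` (displayed URL equals the URL of the rendered document after every navigation event) is the property a regression test for this class of bug would assert.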

Patches

This issue has been patched in Firefox Lite 2.6.1, which is available through the Google Play Store (not available in all regions) or for direct download through the 2.6.1 Release page.

Workarounds

No workaround is available. It is recommended to upgrade to Firefox Lite 2.6.1.

References

This issue is documented and discussed in Bugzilla #1688979.

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2021-23990

Weaknesses

No CWEs

Credits