Vulnerability Database

313,495

Total vulnerabilities in the database

CVE-2018-12382

The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. This vulnerability only affects Firefox for Android < 62.

Published: Oct 18, 2018
Updated: Nov 9, 2025
CVE: CVE-2018-12382
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
mozilla / firefox	62.0	62.0.x

http://www.securityfocus.com/bid/105276
http://www.securitytracker.com/id/1041610
https://bugzilla.mozilla.org/show_bug.cgi?id=1479311
https://www.mozilla.org/security/advisories/mfsa2018-20/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo