Mozilla Firefox for Android URL Truncation Vulnerability Prioritizing Origin

Vulnerability

A URL spoofing vulnerability exists in Firefox for Android versions prior to 141. The issue arises because the browser truncates URLs from the end, failing to prioritize the origin, which can mislead users about the actual website they are visiting.

Impact

This vulnerability can lead to URL spoofing, where a malicious site can be disguised as a legitimate one, potentially causing users to trust and interact with it under false pretenses.

Reproduction

To reproduce this vulnerability, open Firefox for Android and navigate to a website with a long URL that includes multiple subdomains. Click on a link that redirects to a different page, then return to the previous tab. Observe how the URL is displayed in the address bar. The browser will have truncated the URL from the end, cutting off important parts of the domain, instead of prioritizing the origin.
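As an added illustration (not Mozilla's code and not the actual fix), the sketch below contrasts end-truncation with a display routine that keeps the right-hand end of the hostname visible. The character-budget model of the address bar, the function names and the sample URL are assumptions constructed for this example; the scheme is assumed to be shown by a separate indicator when it is dropped.

```javascript
// Added example: the address bar is modelled as a fixed character budget (assumption).
const ELLIPSIS = "\u2026";

// Constructed sample: the real site is untrusted.test, the leading labels only look familiar.
const SAMPLE = "https://accounts.example.com.session.verify.untrusted.test/signin";

// Weak form described in the advisory: keep the start, drop the end of the URL.
function truncateFromEnd(url, width) {
  return url.length <= width ? url : url.slice(0, width - 1) + ELLIPSIS;
}

// Origin-prioritizing form: the right-hand end of the hostname is never cut off;
// leading subdomains and the path are elided instead.
function truncateKeepingOrigin(url, width) {
  const { protocol, host, pathname, search, hash } = new URL(url);
  const rest = pathname + search + hash;
  const full = protocol + "//" + host + rest;
  if (full.length <= width) return full;

  if (host.length >= width) {
    // Host alone overflows: show only the host, elided from the left.
    let start = host.length - (width - 1);
    if (host[start - 1] !== ".") {
      // Snap forward to a label boundary so no partial label is displayed.
      const dot = host.indexOf(".", start);
      if (dot !== -1) start = dot + 1;
    }
    return ELLIPSIS + host.slice(start);
  }

  // Host fits: show it whole and spend what is left of the budget on the path.
  const room = width - host.length;
  return host + (rest.length <= room ? rest : rest.slice(0, room - 1) + ELLIPSIS);
}

console.log(truncateFromEnd(SAMPLE, 30));       // origin hidden
console.log(truncateKeepingOrigin(SAMPLE, 30)); // origin visible
```

With a 30-character budget the first function displays only the familiar-looking leading labels, while the second always ends the displayed host with the labels that identify the site.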

Remediation

Users can update to Firefox for Android version 141 or later, where this vulnerability has been fixed.

Added: Aug 19, 2025, 9:30 PM
Updated: Aug 19, 2025, 9:30 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.6
exploitability: 5.8
remediation: 7.7
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.