Key information

Advisory: 2015-119
Title: Firefox for Android addressbar can be removed after fullscreen mode
Date Announced: November 3, 2015
Reporter: Jordi Chanel
Impact: Moderate
Affected Product: Firefox (Android)
Fixed in Version: Firefox 42

Description

Security researcher Jordi Chanel reported that when Firefox for Android exits fullscreen mode, it can be induced through script to not restore the address bar when the window is redrawn in normal mode. This could allow an attacker to spoof the address bar with their own content. This issue only affects Firefox for Android; Firefox on other operating systems is not affected.

References

Killing the Location bar using fullscreen mode and alert function on another tab (CVE-2015-7185)