[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Puffin Web Browser Address Bar Spoofing Vulnerability puts Millions of users at risk

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Puffin Web Browser Address Bar Spoofing Vulnerability puts Millions of users at risk
From: Rafay Baloch <rbsoulhunter17@xxxxxxxxx>
Date: Mon, 14 Jul 2014 20:15:56 +0500

Greetings,

I have discovered an address bar spoofing vulnerability inside of Puffin
Web browser which has user base of more than 10 million Google play and
Mobo genie combined. (Just for android).

A detailed writeup and a video demonstration and POC is available here:
http://www.rafayhackingarticles.net/2014/07/puffin-web-browser-address-bar-spoofing.html

-- 
Warm Regards,
Rafay Baloch

http://rafayhackingarticles.net

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability
Next by Date: [FD] United Airways® united.com Insecure Transmission of User Credentials
Previous by thread: [FD] [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability
Next by thread: [FD] United Airways® united.com Insecure Transmission of User Credentials
Index(es):
- Date
- Thread