Security researcher Jordi Chancel reported a method to spoof the contents of the addressbar. This uses a persistent menu within a <select> element, which acts as a container for HTML content and can be placed in an arbitrary location. When placed over the addressbar, this can mask the true site URL, allowing for spoofing by a malicious site External Reference: https://www.mozilla.org/security/announce/2016/mfsa2016-52.html Acknowledgements: Name: the Mozilla project Upstream: Jordi Chancel
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Via RHSA-2016:1217 https://access.redhat.com/errata/RHSA-2016:1217