Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
Mozilla
Information Disclosure
Firefox
NVD
CVSS 2.0
2.6
EPSS
0.7%