CVE-2016-1940
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.
Date published : 2016-01-31
http://www.mozilla.org/security/announce/2016/mfsa2016-05.html