Mozilla Foundation Security Advisory 2016-91

Security vulnerabilities fixed in Firefox 50.0.1

Announced: November 28, 2016
Products: Firefox
Fixed in: Firefox 50.0.1

CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect

Reporter: Alexander Inführ
Impact: Critical
Description

Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them.
Note: This issue only affects Firefox 49 and 50.
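
Added example (not part of the Mozilla advisory): one way to look for the redirect pattern described above in web proxy logs, flagging 3xx responses whose Location header is a data: URL and recording the referring origin and whether the client reported Firefox 49 or 50. The JSON-lines log format, its field names and the sample records are assumptions constructed for this example.

```python
import json
import re
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
AFFECTED_MAJORS = {49, 50}  # Firefox versions the advisory lists as affected
FIREFOX_UA = re.compile(r"Firefox/(\d+)\.")

# Constructed sample records; the field names are assumptions, not a real log schema.
SAMPLE_LOG = """\
{"ua": "Mozilla/5.0 (X11; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0", "referer": "https://shop.example/cart", "url": "http://cdn.example.net/w.js", "status": 302, "location": "DATA:text/plain,constructed"}
{"ua": "Mozilla/5.0 (X11; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0", "referer": "https://shop.example/cart", "url": "http://cdn.example.net/old.js", "status": 301, "location": "https://cdn.example.net/new.js"}
{"ua": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.100 Safari/537.36", "referer": "https://news.example/", "url": "http://ads.example.org/b.png", "status": 301, "location": "data:image/png;base64,AAAA"}
{"ua": "Mozilla/5.0 (Windows NT 10.0; rv:49.0) Gecko/20100101 Firefox/49.0", "referer": "https://news.example/", "url": "http://ads.example.org/ok.png", "status": 200, "location": null}
"""

def origin(url):
    """Return scheme://host[:port] for a URL, or None if it has no authority."""
    parts = urlsplit(url or "")
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()

def is_data_redirect(rec):
    """True for a redirect response whose target uses the data: scheme."""
    location = (rec.get("location") or "").strip()
    # URL schemes are case-insensitive, so compare in lower case.
    return rec.get("status") in REDIRECT_CODES and location[:5].lower() == "data:"

def reports_affected_firefox(ua):
    """True if the User-Agent claims a Firefox major version listed as affected."""
    match = FIREFOX_UA.search(ua or "")
    return bool(match) and int(match.group(1)) in AFFECTED_MAJORS

def find_data_redirects(log_text):
    """Return one finding per logged redirect that points at a data: URL."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if is_data_redirect(rec):
            findings.append({
                "referring_origin": origin(rec.get("referer")),
                "redirecting_host": urlsplit(rec["url"]).hostname,
                "firefox_49_or_50": reports_affected_firefox(rec.get("ua")),
            })
    return findings

if __name__ == "__main__":
    for finding in find_data_redirects(SAMPLE_LOG):
        print(finding)
```

The Firefox User-Agent token carries only the major and minor version, so a patched 50.0.1 client also reports Firefox/50.0; confirm the installed version from software inventory before treating a flagged client as affected.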
