728x90
Security vulnerabilities fixed in Firefox 50.0.1
- ANNOUNCED
- November 28, 2016
- PRODUCTS
- Firefox
- FIXED IN
- Firefox 50.0.1
#CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect
- REPORTER
- Alexander Inführ
- IMPACT
- CRITICAL
Description
Redirection from an HTTP connection to a data:
URL assigns the referring site's origin to the data:
URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them.
Note: This issue only affects Firefox 49 and 50.
References
728x90
'취약점 정보2' 카테고리의 다른 글
Xen Security Advisories 업데이트 내역정리 (0) | 2016.11.29 |
---|---|
이니텍社 ActiveX 사용에 대한 이용자 주의 권고 (0) | 2016.11.29 |
NTP 다중 취약점 보안 업데이트 권고 (0) | 2016.11.28 |
NTP 취약한 프로토콜에 대한 dos (cve-2016-7434) (0) | 2016.11.28 |
삼성 smart security update (0) | 2016.11.28 |