PT-2016-7645 · Mozilla+3 · Firefox+3

Alexander Inführ

Publicado

2016-11-28

Atualizado

2024-12-12

CVE-2016-9078

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions 49 through 50.0

Description The issue allows redirection from an HTTP connection to a "data:" URL, assigning the referring site's origin to the "data:" URL in certain circumstances. This can lead to same-origin violations against a domain if it loads resources from malicious sites. It has been demonstrated that cross-origin setting of cookies is possible without the ability to read them.

Recommendations For Firefox versions 49 through 50.0, update to version 50.0.1 or later to resolve the issue.

Exploit

Correção

Open Redirect

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601

Identificadores relacionados

ALT-PU-2016-2388

CVE-2016-9078

MGASA-2017-0323

OPENSUSE-SU-2016_2994-1

OPENSUSE-SU-2016_3011-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

USN-3140-1

Produtos afetados

Alt Linux

Firefox

Suse

Ubuntu

PT-2016-7645 · Mozilla+3 · Firefox+3

CVE-2016-9078

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2077