Mozilla · Firefox · CVE-2016-9078
**Name of the Vulnerable Software and Affected Versions**
Firefox versions 49 through 50.0
**Description**
The issue allows redirection from an HTTP connection to a "data:" URL, assigning the referring site's origin to the "data:" URL in certain circumstances. This can lead to same-origin violations against a domain if it loads resources from malicious sites. It has been demonstrated that cross-origin setting of cookies is possible without the ability to read them.
**Recommendations**
For Firefox versions 49 through 50.0, update to version 50.0.1 or later to resolve the issue.