PT-2016-7645 · Mozilla+3 · Firefox+3

Alexander Inführ

Published

2016-11-28

Updated

2024-12-12

CVE-2016-9078

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions 49 through 50.0

Description The issue allows redirection from an HTTP connection to a "data:" URL, assigning the referring site's origin to the "data:" URL in certain circumstances. This can lead to same-origin violations against a domain if it loads resources from malicious sites. It has been demonstrated that cross-origin setting of cookies is possible without the ability to read them.

Recommendations For Firefox versions 49 through 50.0, update to version 50.0.1 or later to resolve the issue.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

ALT-PU-2016-2388

CVE-2016-9078

MGASA-2017-0323

OPENSUSE-SU-2016_2994-1

OPENSUSE-SU-2016_3011-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

USN-3140-1

Affected Products

Alt Linux

Firefox

Suse

Ubuntu

PT-2016-7645 · Mozilla+3 · Firefox+3

CVE-2016-9078

Weakness Enumeration

Related Identifiers

Affected Products

References · 2077