Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable9849.PRM
HistoryJan 05, 2017 - 12:00 a.m.

Mozilla Firefox < 50.0.1 Authentication Bypass

2017-01-0500:00:00
Tenable
www.tenable.com
8
JSON

Versions of Mozilla Firefox prior to 50.0.1 are unpatched for a flaw in the ‘nsScriptSecurityManager::GetChannelResultPrincipal()’ function in ‘caps/nsScriptSecurityManager.cpp’ that is triggered when handling HTTP redirects to ‘data: URLs’. This may allow a context-dependent attacker to bypass the same-origin policy.

Binary data 9849.prm
VendorProductVersionCPE
mozillafirefoxcpe:/a:mozilla:firefox
JSON