332 matches found
Mozilla Firefox Security Advisories (MFSA2016-91, MFSA2016-91) - Windows
Mozilla Firefox is prone to a URL redirection vulnerability.
CVE-2016-9078
Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without t...
UBUNTU-CVE-2016-9078
Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without t...
FreeBSD : mozilla -- data: URL can inherit wrong origin after an HTTP redirect (f90fce70-ecfa-4f4d-9ee8-c476dbf4bf0e)
The Mozilla Foundation reports : Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies ha...
Security vulnerabilities fixed in Firefox 50.0.1 — Mozilla
Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the...
mozilla -- data: URL can inherit wrong origin after an HTTP redirect
The Mozilla Foundation reports: Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has...
KLA10909 Security vulnerability in Mozilla Firefox
An unspecified vulnerability was found in Mozilla Firefox 49 and 50. It can be exploited to gain privileges. Technical details: Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some cases. Because of that, same-origin violations against a domai...
WebSummit: Reflected xss on websummit.net
Hey guys, TL;DR: Reflected XSS on websummit.net/attendees/featured-attendees as the q parameter is directly reflecting special characters in the data-url on the handlebars template section of the page, as opposed to URL encoding them. Proof of Concept: Visit...
TYPO3 'data:' URL Scheme Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3. Because the program fails to properly filter user-supplied input, an attacker may be able to exploit the vulnerability to execute arbitrary...
CVE-2016-5251
Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL...
Code injection
Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL...
CVE-2016-5251
CVE-2016-5251 affects Mozilla Firefox before 48.0. An attacker could spoof the address bar by crafting non-ASCII or invalid media types in data: URLs. The issue is fixed in Firefox 48.0; users should upgrade to mitigate the vulnerability. The connected advisories (Ubuntu USN-3044-1, openSUSE secu...
Mozilla Firefox Falsifies Location Bar Information Vulnerability
Mozilla Firefox is an open source web browser. A security vulnerability in Mozilla Firefox's handling of characters in the media type of a data: URL allows remote attackers to construct malicious web pages that, when parsed, spoof location bar information...
UBUNTU-CVE-2016-5251
Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL...
CVE-2016-2825
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL...
Design/Logic Flaw
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL...