6903 matches found

Tenable Nessus
added 2016/12/01 12:0 a.m., 34 views

Mozilla Firefox 49.x < 50.0.1 HTTP Redirect Handling Same-origin Policy Bypass

The version of Mozilla Firefox installed on the remote Windows host is 49.x prior to 50.0.1. It is, therefore, affected by a same-origin policy bypass vulnerability in the GetChannelResultPrincipal function in nsScriptSecurityManager.cpp due to improper handling of HTTP redirects to 'data: URLs'...

8.8 CVSS, 7.4 AI score, 0.01884 EPSS
Exploits 2, References 2

Ubuntu
added 2016/11/30 11:26 p.m., 65 views

USN-3140-1: Firefox vulnerabilities

It was discovered that data: URLs can inherit the wrong origin after an HTTP redirect in some circumstances. An attacker could potentially exploit this to bypass same-origin restrictions. CVE-2016-9078 A use-after-free was discovered in SVG animations. If a user were tricked into opening a...

8.8 CVSS, 8.5 AI score, 0.87921 EPSS
Exploits 15

UbuntuCve
added 2016/11/30 12:0 a.m., 48 views

CVE-2016-9078

Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without t...

8.8 CVSS, 7 AI score, 0.01884 EPSS
Exploits 2, References 3

OSV
added 2016/11/30 12:0 a.m., 1 views

UBUNTU-CVE-2016-9078

Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without t...

8.8 CVSS, 7.2 AI score, 0.01884 EPSS
Exploits 2, References 4

Kaspersky
added 2016/11/28 12:0 a.m., 49 views

KLA10909 Security vulnerability in Mozilla Firefox

An unspecified vulnerability was found in Mozilla Firefox 49 and 50. It can be exploited to gain privileges. Technical details Redirection from HTTP connection to a data:URL assigns the referring of site origin to the data: URL in some cases. Because of that same-origin violations against a domai...

8.8 CVSS, 8.9 AI score, 0.01884 EPSS
Exploits 2, References 3

FreeBSD
added 2016/11/28 12:0 a.m., 35 views

mozilla -- data: URL can inherit wrong origin after an HTTP redirect

The Mozilla Foundation reports: Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has...

8.8 CVSS, 0.2 AI score, 0.01884 EPSS
Exploits 2, References 1

myhack58
added 2016/11/24 12:0 a.m., 70 views

A website icon trigger the bloodshed now! To bypass the same origin policy, determine whether you are logged into a website-vulnerability warning-the black bar safety net

! Foreword I want to tell you is that in the absence of your consent, most of the current mainstream network platform will be a leak of your login status. Regardless of your current whether or not a login operation, the attacker can detect to your computer, log in those networking platform. And...

6.7 AI score
Exploits 0

n0where
added 2016/11/21 5:27 a.m., 33 views

From XSS to RCE: XSSer

From XSS to RCE This demonstrates how an attacker can utilize XSS to execute arbitrary code on the web server when an administrative user inadvertently triggers a hidden XSS payload. Custom tools and payloads integrated with Metasploit’s Meterpreter in a highly automated approach will be...

2.8 AI score
Exploits 0, References 1

Tenable Nessus
added 2016/11/21 12:0 a.m., 66 views

Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3124-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3124-1 advisory. Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsa...

9.8 CVSS, 8.3 AI score, 0.12416 EPSS
Exploits 4, References 19

Ubuntu
added 2016/11/19 12:7 a.m., 88 views

USN-3124-1: Firefox vulnerabilities

Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked into opening a special...

9.8 CVSS, 8.2 AI score, 0.12416 EPSS
Exploits 4

OpenVAS
added 2016/11/19 12:0 a.m., 47 views

Ubuntu: Security Advisory (USN-3124-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 8.1 AI score, 0.12416 EPSS
Exploits 4, References 2

Mozilla
added 2016/11/18 12:0 a.m., 71 views

Security vulnerabilities fixed in Thunderbird 45.5 — Mozilla

A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability require...

9.8 CVSS, 0.1 AI score, 0.12416 EPSS
Exploits 5, References 7, Affected Software 1

Tenable Nessus
added 2016/11/17 12:0 a.m., 53 views

Debian DSA-3716-1 : firefox-esr - security update

Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy. Also, a man-in-the-middle attack in the addon update...

9.8 CVSS, 8.1 AI score, 0.12416 EPSS
Exploits 4, References 9

CNVD
added 2016/11/17 12:0 a.m., 3 views

Mozilla Firefox has multiple vulnerabilities

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox has multiple vulnerabilities. An attacker can exploit these vulnerabilities to bypass security restrictions, perform unauthorized operations, obtain sensitive information, acces...

5.5 CVSS, 9.3 AI score, 0.00419 EPSS
Exploits 1, References 1

CNVD
added 2016/11/17 12:0 a.m., 1 views

Mozilla Firefox Same-Origin Policy Bypass Vulnerability (CNVD-2016-11471)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox suffers from a same-origin policy bypass vulnerability, which can be exploited by an attacker to bypass the local shortcut file and load arbitrary local content from disk...

5.5 CVSS, 8.6 AI score, 0.00442 EPSS
Exploits 1, References 1

Debian
added 2016/11/16 9:27 p.m., 55 views

[SECURITY] [DSA 3716-1] firefox-esr security update

Debian Security Advisory DSA-3716-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 16, 2016 https://www.debian.org/security/faq -...

9.8 CVSS, 8.3 AI score, 0.12416 EPSS
Exploits 4

RedHat Linux
added 2016/11/16 8:19 a.m., 3 views

Mozilla: Same-origin policy violation using local HTML file and saved shortcut file (MFSA 2016-89, MFSA 2016-90)

A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...

5.5 CVSS, 7.4 AI score, 0.00442 EPSS
Exploits 1, References 5

RedhatCVE
added 2016/11/16 3:48 a.m., 26 views

CVE-2016-5291

A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...

6.1 CVSS, 1.8 AI score, 0.00442 EPSS
Exploits 1, References 2

ArchLinux
added 2016/11/16 12:0 a.m., 587 views

[ASA-201611-16] firefox: multiple issues

Arch Linux Security Advisory ASA-201611-16 Severity: Critical Date : 2016-11-16 CVE-ID : CVE-2016-5289 CVE-2016-5290 CVE-2016-5291 CVE-2016-5292 CVE-2016-5296 CVE-2016-5297 CVE-2016-9063 CVE-2016-9064 CVE-2016-9066 CVE-2016-9067 CVE-2016-9068 CVE-2016-90...

9.8 CVSS, 0.1 AI score, 0.12416 EPSS
Exploits 4, References 36

UbuntuCve
added 2016/11/16 12:0 a.m., 36 views

CVE-2016-5291

A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...

5.5 CVSS, 6.8 AI score, 0.00442 EPSS
Exploits 1, References 4