#8584 closed enhancement (fixed)
firefox 50.0.2 (was 50.0.1)
Reported by: | Pierre Labastie | Owned by: | |
---|---|---|---|
Priority: | high | Milestone: | 8.0 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version: security fix:
CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect. Description Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50.
Change History (3)
comment:1 by , 8 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
Summary: | firefox 50.0.1 → firefox 50.0.2 (was 50.0.1) |
Note:
See TracTickets
for help on using tickets.
50.0.2 fixes CVE-2016-9079, Use after free in SVG Animation. An exploit in the wild targets Windows and Tor users.