CVE-2016-9078

CVSS v3.0 8.8 (High)

CVSS v2.0 6.8 (Medium)

EPSS 0.58 % (78^th)

Affected Products 1

Advisories 4

Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox < 50.0.1.

Weaknesses

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2018-06-11 21:29:01
(6 years ago)
Updated Date: 2018-08-01 13:53:05
(6 years ago)

Affected Products

Mozilla

Firefox

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox 49.0	cpe:2.3:a:mozilla:firefox:49.0
	Mozilla Firefox 50.0	cpe:2.3:a:mozilla:firefox:50.0