Your system may not meet the requirements for Firefox, but you can try one of these versions:

Your system doesn't meet the requirements to run Firefox.

Your system doesn't meet the requirements to run Firefox.

Please follow these instructions to install Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2015-122

Trailing whitespace in IP address hostnames can bypass same-origin policy

November 3, 2015
Michał Bentkowski
Firefox, Firefox ESR, Thunderbird
Fixed in
  • Firefox 42
  • Firefox ESR 38.4
  • Thunderbird 38.4


Security researcher Michał Bentkowski reported that adding white-space characters to hostnames that are IP addresses can bypass same-origin policy. This flaw was caused by trailing whitespaces being evaluated differently when parsing IP addresses instead of alphanumeric hostnames. This could lead to a cross-site script (XSS) attack.

In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.