Mozilla Foundation Security Advisory 2016-91

Security vulnerabilities fixed in Firefox 50.0.1

Announced
November 28, 2016
Impact
critical
Products
Firefox
Fixed in
  • Firefox 50.0.1

CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect

Reporter
Alexander Inführ
Impact
critical
Description

Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them.
Note: This issue only affects Firefox 49 and 50.
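
For sites that load third-party resources, one way to find exposure to this pattern is to look for HTTP redirects whose `Location` is a `data:` URL. The following is an added example, not part of Mozilla's advisory; the log record fields, hostnames and sample entries are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed proxy-log records (not real traffic). Field names are assumptions:
# "page" is the document that made the request, "url" the resource requested.
SAMPLE_LOG = [
    {"page": "https://shop.example/cart", "url": "https://cdn.example/lib.js",
     "status": 200, "location": None},
    {"page": "https://shop.example/cart", "url": "http://ads.example/w.js",
     "status": 302, "location": "DATA:text/html,<constructed>"},
    {"page": "https://shop.example/cart", "url": "http://ads.example/px",
     "status": 301, "location": " /px2"},
    {"page": "https://shop.example/cart", "url": "https://shop.example/go",
     "status": 307, "location": "data:text/plain,constructed"},
]

REDIRECT_CODES = {301, 302, 303, 307, 308}


def origin(url):
    """Return the (scheme, host, port) tuple used to compare origins."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), (parts.hostname or "").lower(), parts.port)


def is_data_redirect(record):
    """True when the response is an HTTP redirect whose target is a data: URL."""
    location = record.get("location")
    if record["status"] not in REDIRECT_CODES or not location:
        return False
    # URL schemes are case-insensitive and surrounding whitespace is ignored.
    return location.strip().lower().startswith("data:")


def flag_data_redirects(log):
    """List redirects to data: URLs, marking those served by another origin."""
    findings = []
    for record in log:
        if is_data_redirect(record):
            findings.append({
                "page": record["page"],
                "redirector": record["url"],
                # The advisory's scenario: the resource comes from a different
                # site than the page that loads it.
                "cross_origin": origin(record["page"]) != origin(record["url"]),
            })
    return findings
```

Findings with `cross_origin` set are the ones that match the advisory's description of a domain loading resources from another site.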
