Mozilla Foundation Security Advisory 2016-91

Security vulnerabilities fixed in Firefox 50.0.1

Announced: November 28, 2016
Impact: critical
Products: Firefox
Fixed in: Firefox 50.0.1

CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect

Reporter: Alexander Inführ
Impact: critical
Description

Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them.
Note: This issue only affects Firefox 49 and 50.
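
A defender-side check for the condition described above, as an added example that is not part of Mozilla's advisory: it scans captured HTTP traffic for redirect responses whose Location header points at a data: URL. The HAR-style entry shape, the function names and the sample hosts are assumptions made for the illustration.

```javascript
// Added example: flag HTTP redirects whose Location header targets a data: URL.
// Entries use the HAR 1.2 shape (request/response objects with header arrays).
const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);

// Header names are case-insensitive; return the first matching value or null.
function headerValue(headers, name) {
  const wanted = name.toLowerCase();
  const hit = (headers || []).find((h) => String(h.name).toLowerCase() === wanted);
  return hit ? String(hit.value) : null;
}

// URL parsers drop tabs/newlines and leading control characters or spaces, and
// schemes are case-insensitive, so normalise before testing for "data:".
function targetsDataUrl(location) {
  if (location === null) return false;
  const cleaned = location.replace(/[\t\n\r]/g, "").replace(/^[\u0000-\u0020]+/, "");
  return /^data:/i.test(cleaned);
}

function findDataRedirects(entries) {
  const findings = [];
  for (const { request, response } of entries) {
    if (!REDIRECT_STATUSES.has(response.status)) continue;
    if (!targetsDataUrl(headerValue(response.headers, "Location"))) continue;
    findings.push({
      redirectingUrl: request.url,
      status: response.status,
      // Page that loaded the resource (the referring site in the advisory).
      loadedBy: headerValue(request.headers, "Referer"),
    });
  }
  return findings;
}

// Constructed sample entries (not real traffic).
const SAMPLE_ENTRIES = [
  { request: { url: "https://site.example/app.js", headers: [] },
    response: { status: 200, headers: [] } },
  { request: { url: "http://cdn.example/widget.js",
               headers: [{ name: "referer", value: "https://site.example/" }] },
    response: { status: 302,
                headers: [{ name: "LOCATION", value: " DaTa:text/plain,constructed" }] } },
  { request: { url: "http://cdn.example/logo.png", headers: [] },
    response: { status: 301,
                headers: [{ name: "Location", value: "https://cdn.example/logo.png" }] } },
];

console.log(findDataRedirects(SAMPLE_ENTRIES));
```

A hit identifies a third-party resource to review or remove; it does not by itself show that an affected browser version was in use.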
