Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2016-9078

Published: 11/06/2018 Updated: 01/08/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Mozilla

Vulnerability Summary

Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox < 50.0.1.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox 49.0

mozilla firefox 50.0

Vendor Advisories

Ubuntu Security Notice: firefox vulnerabilities
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Mozilla: Security vulnerabilities fixed in Firefox 50.0.1
Mozilla Foundation Security Advisory 2016-91 Security vulnerabilities fixed in Firefox 5001 Announced November 28, 2016 Impact critical Products Firefox Fixed in Firefox 5001 ...
Arch Linux Issues:
Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances This can result in same-origin violations against a domain if it loads resources from malicious sites Cross-origin setting of cookies has been demonstrated without the ability to read them ...

References

CWE-601https://www.mozilla.org/security/advisories/mfsa2016-91/https://bugzilla.mozilla.org/show_bug.cgi?id=1317641http://www.securitytracker.com/id/1037353http://www.securityfocus.com/bid/94569https://nvd.nist.govhttps://usn.ubuntu.com/3140-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook