Mozilla based browsers, including Firefox before 22.214.171.124 and 2.x before
126.96.36.199, and SeaMonkey before 1.0.8, allow remote attackers to bypass the
same origin policy, steal cookies, and conduct other attacks by writing a
URI with a null byte to the hostname (location.hostname) DOM property, due
to interactions with DNS resolver code.
Updated: 2015-10-17 03:27:19 UTC (commit 10086)