CVE-2016-9078 (retired)

Priority
Description
Redirection from an HTTP connection to a "data:" URL assigns the referring
site's origin to the "data:" URL in some circumstances. This can result in
same-origin violations against a domain if it loads resources from
malicious sites. Cross-origin setting of cookies has been demonstrated
without the ability to read them. Note: This issue only affects Firefox 49
and 50. This vulnerability affects Firefox < 50.0.1.
Assigned-to
chrisccoulson
Package
Upstream:released (50.0.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (50.0.2+build1-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (50.0.2+build1-0ubuntu0.16.04.1)
Package
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
More Information

Updated: 2019-03-26 12:23:23 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)