CVE-2016-9078
Severity CVSS v4.0:
Pending analysis
Type:
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Publication date:
11/06/2018
Last modified:
01/08/2018
Description
Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:mozilla:firefox:49.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:mozilla:firefox:50.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page