CVE-2016-9078
Published 2018-06-11
CVE-2016-9078: Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in…
Priority: P342 · high · CVSS 3.0: 8.8
Vector: AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 1.88% (76.9th percentile)
Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox < 50.0.1.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 50.0.2-1 (sid) | firefox 50.0.2-1 (sid) |
| debian | firefox-esr | < firefox 50.0.2-1 (sid) | firefox 50.0.2-1 (sid) |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 50.0.2+build1-0ubuntu0.14.04.1 | 50.0.2+build1-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 50.0.2+build1-0ubuntu0.16.04.1 | 50.0.2+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= unspecified < 50.0.1 | 50.0.1 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |
| vendor_ubuntu | — | 8.8 | HIGH | — |
Ubuntu
Firefox vulnerabilities
vendor_ubuntu · 2016-11-30 · CVSS 8.8
CVE-2016-9078 [HIGH]
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it opened a malicious website.
It was discovered that data: URLs can inherit the wrong origin after an HTTP redirect in some circumstances. An attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-9078)
A use-after-free was discovered in SVG animations. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9079)
Instructions: After a standard system update you need to restart Firefox to make all the necessary changes.
Debian
CVE-2016-9078: firefox - Redirection from an HTTP connection to a "data:" URL assigns the referring site'...
vendor_debian · 2016 · CVSS 8.8
CVE-2016-9078 [HIGH]
Scope: local
sid: resolved (fixed in 50.0.2-1)
GHSA
GHSA-97gg-j6v9-fvp7: Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances
ghsa_unreviewed · 2022-05-14
CVE-2016-9078 [HIGH] · CWE-601
OSV
CVE-2016-9078: Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances
osv · 2016-11-30 · CVSS 8.8
CVE-2016-9078 [HIGH]
OSV
firefox vulnerabilities
osv · 2016-11-30 · CVSS 8.8
CVE-2016-9078 [HIGH]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
http://www.securityfocus.com/bid/94569
http://www.securitytracker.com/id/1037353
https://bugzilla.mozilla.org/show_bug.cgi?id=1317641
https://www.mozilla.org/security/advisories/mfsa2016-91/
Published: 2018-06-11