Bug 601142 (CVE-2016-9078)

Summary:	<www-client/firefox{,-bin}-50.0.1: data: URL can inherit wrong origin after an HTTP redirect
Product:	Gentoo Security	Reporter:	Thomas Deutschmann (RETIRED) <whissi>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	critical	CC:	mozilla
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/
Whiteboard:	~1 [noglsa]
Package list:		Runtime testing required:	---

Description Thomas Deutschmann (RETIRED) gentoo-dev

2016-11-28 23:16:42 UTC

Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them.

Note: This issue only affects Firefox 49 and 50.

Comment 1 Jory A. Pratt gentoo-dev

2016-11-29 01:40:03 UTC

Ebuild for 50.0.1 is in tree we do not keep stale builds so feel free to close as you desire.

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2016-11-29 01:48:43 UTC

Dropping to ~1 because affected version were never stable.