
Mozilla Firefox < 50.0.1 Authentication Bypass

Medium

Synopsis

The remote host has a web browser installed that is vulnerable to an authentication bypass.

Description

Versions of Mozilla Firefox prior to 50.0.1 are affected by a flaw in the 'nsScriptSecurityManager::GetChannelResultPrincipal()' function in 'caps/nsScriptSecurityManager.cpp' that is triggered when handling HTTP redirects to 'data:' URLs. This may allow a context-dependent attacker to bypass the same-origin policy.

Solution

Upgrade to Firefox version 50.0.1 or later.