Mozilla Firefox 49.x < 50.0.1 HTTP Redirect Handling Same-origin Policy Bypass
Medium Nessus Plugin ID 95436
SynopsisThe remote macOS or Mac OS X host contains a web browser that is affected by a same-origin policy bypass vulnerability.
DescriptionThe version of Mozilla Firefox installed on the remote macOS or Mac OS X host is 49.x prior to 50.0.1. It is, therefore, affected by a same-origin policy bypass vulnerability in the GetChannelResultPrincipal() function in nsScriptSecurityManager.cpp due to improper handling of HTTP redirects to 'data: URLs'. An unauthenticated, remote attacker can exploit this to bypass the same-origin policy.
SolutionUpgrade to Mozilla Firefox version 50.0.1 or later.