Mozilla Firefox < 50.0.1 Authentication Bypass
Medium Nessus Network Monitor Plugin ID 9849
Synopsis
The remote host has a web browser installed that is vulnerable to an authentication bypass attack vector.
Description
Versions of Mozilla Firefox prior to 50.0.1 are affected by a flaw in the 'nsScriptSecurityManager::GetChannelResultPrincipal()' function in 'caps/nsScriptSecurityManager.cpp' that is triggered when handling HTTP redirects to 'data:' URLs. This may allow a context-dependent attacker to bypass the same-origin policy.
Solution
Upgrade to Firefox version 50.0.1 or later.