Mozilla Foundation Security Advisory 2016-54
Partial same-origin-policy through setting location.host through data URI
- Announced
- June 7, 2016
- Reporter
- Armin Ebert
- Impact
- Low
- Products
- Firefox
- Fixed in
- 
        - Firefox 47
 
Description
Security researcher Armin Ebert reported that the
location.host property can be set to an arbitrary string after creating an
invalid data: URI. This allows for a bypass of some same-origin policy
protections. This issue is mitigated by the data: URI in use and any
same-origin checks for http: or https: are still enforced
correctly. As a result cookie stealing and other common same-origin bypass attacks are not
possible.