32 pointsby cujanovicalmost 9 years ago

3 comments

afshinmehalmost 9 years ago

They have fixed it, no? <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1199430" rel="nofollow">https://bugzilla.mozilla.org/show_bug.cgi?id=1199430</a>

评论 #12044821 未加载

mnarayan01almost 9 years ago

Title seems misleading. The same-origin bypass is via Flash. The Firefox portion is having a funky URL/hostname, which Flash then uses (edit: mis-parses).

teneralmost 9 years ago

Very interesting exploit. I wonder what else is affected by IP addresses parsing issues.

Firefox – Same-Origin Policy Bypass (CVE-2015-7188)

3 comments

Firefox – Same-Origin Policy Bypass (CVE-2015-7188)

3 comments