32 点作者 cujanovic将近 9 年前

3 条评论

afshinmeh将近 9 年前

They have fixed it, no? <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1199430" rel="nofollow">https://bugzilla.mozilla.org/show_bug.cgi?id=1199430</a>

评论 #12044821 未加载

mnarayan01将近 9 年前

Title seems misleading. The same-origin bypass is via Flash. The Firefox portion is having a funky URL/hostname, which Flash then uses (edit: mis-parses).

tener将近 9 年前

Very interesting exploit. I wonder what else is affected by IP addresses parsing issues.

Firefox – Same-Origin Policy Bypass (CVE-2015-7188)

3 条评论

Firefox – Same-Origin Policy Bypass (CVE-2015-7188)

3 条评论