Mozilla Firefox CVE-2015-7211 Input Validation Bypass Vulnerability
Description
Security researcher Abdulrahman Alqabandi reported that when a data: URI is parsed, the hash ('#') symbol is incorrectly handled, allowing for spoofing attacks. This issue could result in the wrong URI being displayed as a location, which can mislead users to believe they are on a different site than the one loaded.
Affected Applications
Firefox