FortiClient VulnerabilityMozilla Firefox CVE-2016-5251 Input Validation Bypass Vulnerability
Description
Security researcher Firas Salem reported that decoding url-encoded values in data: urls for display leads to potential spoofing in the Location bar by using non-ASCII and emoji characters in a data: url's mediatype. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded.
Affected Applications
Firefox
CVE References
CVE-2016-5251Other References
https://www.mozilla.org/en-US/security/advisories/mfsa2016-66| ID | 31195 |
| Created | Jul 11, 2018 |
| Description Updated |
Dec 19, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Mozilla |
| Patch | auto |
| Application | Firefox |