Endpoint Vulnerability

Cross-site reading attack through data and view-source URIs

Description

Security researcher Tsubasa Iinuma reported a mechanism to violate same-origin policy to content using data: and view-source: URIs to confuse protections and bypass restrictions. This resulted in the ability to read data from cross-site URLs and local files.

Affected Products

Firefox,Firefox ESR

References

CVE-2015-7214,