Mozilla Thunderbird CVE-2015-7188 Vulnerability
Description
Security researcher Micha Bentkowski reported that adding white-space characters to hostnames that are IP addresses can bypass same-origin policy. This flaw was caused by trailing whitespaces being evaluated differently when parsing IP addresses instead of alphanumeric hostnames. This could lead to a cross-site script (XSS) attack.
Affected Applications
Thunderbird