Firefox – Same-Origin Policy Bypass (CVE-2015-7188) (blog.bentkowski.info) 32 points by cujanovic 10y ago ↗ HN
[–] afshinmeh 10y ago ↗ They have fixed it, no? https://bugzilla.mozilla.org/show_bug.cgi?id=1199430 [–] softblush 10y ago ↗ Yes, in Firefox 42.> However, I think that this bug is interesting from a purely technical standpoint, hence I decided to share. [–] cmdrfred 10y ago ↗ It was fascinating, and a good reason not to copy and paste code when you can prevent it.
[–] softblush 10y ago ↗ Yes, in Firefox 42.> However, I think that this bug is interesting from a purely technical standpoint, hence I decided to share. [–] cmdrfred 10y ago ↗ It was fascinating, and a good reason not to copy and paste code when you can prevent it.
[–] cmdrfred 10y ago ↗ It was fascinating, and a good reason not to copy and paste code when you can prevent it.
[–] mnarayan01 10y ago ↗ Title seems misleading. The same-origin bypass is via Flash. The Firefox portion is having a funky URL/hostname, which Flash then uses (edit: mis-parses).
[–] tener 10y ago ↗ Very interesting exploit. I wonder what else is affected by IP addresses parsing issues.
5 comments
[ 3.5 ms ] story [ 27.2 ms ] thread> However, I think that this bug is interesting from a purely technical standpoint, hence I decided to share.