vulnerability
MFSA2016-54 Firefox: Partial same-origin-policy through setting location.host through data URI (CVE-2016-2825)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Jun 7, 2016 | Jun 8, 2016 | Mar 27, 2026 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Jun 7, 2016
Added
Jun 8, 2016
Modified
Mar 27, 2026
Description
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.
Solution
mozilla-firefox-upgrade-47_0
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.