Firefox – Same-Origin Policy Bypass (CVE-2015-7188)

Y	Hacker News new \| ask \| show \| jobs

	Firefox – Same-Origin Policy Bypass (CVE-2015-7188) (blog.bentkowski.info)
	32 points by cujanovic 3638 days ago

3 comments

afshinmeh 3637 days ago

They have fixed it, no? https://bugzilla.mozilla.org/show_bug.cgi?id=1199430

link

softblush 3637 days ago

Yes, in Firefox 42.

> However, I think that this bug is interesting from a purely technical standpoint, hence I decided to share.

link

cmdrfred 3637 days ago

It was fascinating, and a good reason not to copy and paste code when you can prevent it.

link

mnarayan01 3637 days ago

Title seems misleading. The same-origin bypass is via Flash. The Firefox portion is having a funky URL/hostname, which Flash then uses (edit: mis-parses).

link

tener 3637 days ago

Very interesting exploit. I wonder what else is affected by IP addresses parsing issues.

link