Bug 983649 (CVE-2016-2825) - VUL-0: CVE-2016-2825: MozillaFirefox: Partial same-origin-policy through setting location.host through data URI (MFSA 2016-54)
Status: RESOLVED FIXED
Alias: CVE-2016-2825
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Minor
Target Milestone: ---
Assignee: Petr Cerny
QA Contact: Security Team bot
Blocks: 983549
Reported: 2016-06-08 06:36 UTC by Marcus Meissner
Modified: 2020-04-05 18:22 UTC

Description Marcus Meissner 2016-06-08 06:36:08 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2016-54/


Mozilla Foundation Security Advisory 2016-54
Partial same-origin-policy through setting location.host through data URI

Announced
    June 7, 2016
Reporter
    Armin Razmdjou
Impact
    Low
Products
    Firefox
Fixed in
    Firefox 47

Description

Security researcher Armin Razmdjou reported that the location.host property can be set to an arbitrary string after creating an invalid data: URI. This allows for a bypass of some same-origin policy protections. This issue is mitigated by the data: URI in use and any same-origin checks for http: or https: are still enforced correctly. As a result cookie stealing and other common same-origin bypass attacks are not possible.
References

    Partial SOP violation via forged location.host (CVE-2016-2825)
Comment 1 Bernhard Wiedemann 2016-06-08 18:00:32 UTC
This is an autogenerated message for OBS integration:
This bug (983649) was mentioned in
https://build.opensuse.org/request/show/400713 Factory / MozillaFirefox
https://build.opensuse.org/request/show/400714 42.1 / MozillaFirefox
https://build.opensuse.org/request/show/400716 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/400718 13.1 / MozillaFirefox
Comment 2 Swamp Workflow Management 2016-06-08 22:01:21 UTC
bugbot adjusting priority
Comment 3 Swamp Workflow Management 2016-06-11 12:13:32 UTC
openSUSE-SU-2016:1552-1: An update that solves 13 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834
Sources used:
openSUSE Leap 42.1 (src):    MozillaFirefox-47.0-24.1, mozilla-nss-3.23-18.1
openSUSE 13.2 (src):    MozillaFirefox-47.0-71.1, mozilla-nss-3.23-34.1
Comment 4 Swamp Workflow Management 2016-06-11 20:09:29 UTC
openSUSE-SU-2016:1557-1: An update that solves 14 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655
CVE References: CVE-2016-1950,CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834
Sources used:
openSUSE 13.1 (src):    MozillaFirefox-47.0-116.1, mozilla-nss-3.23-80.1
Comment 5 Marcus Meissner 2016-08-17 05:51:10 UTC
released