
Firefox – Same-Origin Policy Bypass (CVE-2015-7188) - cujanovic
http://blog.bentkowski.info/2016/07/firefox-same-origin-policy-bypass-cve.html
======
afshinmeh
They have fixed it, no?
[https://bugzilla.mozilla.org/show_bug.cgi?id=1199430](https://bugzilla.mozilla.org/show_bug.cgi?id=1199430)

~~~
softblush
Yes, in Firefox 42.

> However, I think that this bug is interesting from a purely technical
> standpoint, hence I decided to share.

~~~
cmdrfred
It was fascinating, and a good reason not to copy and paste code when you can
prevent it.

------
mnarayan01
Title seems misleading. The same-origin bypass is via Flash. The Firefox
portion is having a funky URL/hostname, which Flash then uses (edit:
mis-parses).

------
tener
Very interesting exploit. I wonder what else is affected by IP address
parsing issues.

