CVE-2016-9078

Source
Severity Critical
Remote Yes
Type Same-origin policy bypass
Description
Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them.
Group Package Affected Fixed Severity Status Ticket
AVG-90 firefox 50.0-1 50.0.2-1 Critical Fixed
Date Advisory Group Package Severity Description
01 Dec 2016 ASA-201612-1 AVG-90 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/