---

CVE-2016-9078 - log back

CVE-2016-9078 created at 25 Sep 2019 19:31:40
Severity	+ Critical
Remote	+ Remote
Type	+ Same-origin policy bypass
Description	+ Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/
Notes