Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 41.0.2 (including) |