Mozilla Firefox CVE-2016-1940 Request Smuggling Vulnerability

description-logoDescription

Security researcher Muneaki Nishimura reported an issue with displayed URLs and bookmarks on Firefox for Android. If a data: URL is opened from a stored shortcut on the homescreen or from a BOOKMARK intent from another installed Android application, the addressbar continues to show the data: url even if the content redirects to another page, hiding the true origin of the content. This was due to an error in how hosts were handled with data: URLs.

affected-products-logoAffected Applications

Firefox

CVE References

CVE-2016-1940