Endpoint Vulnerability

Trailing whitespace in IP address hostnames can bypass same-origin policy

Description

Security researcher Michał Bentkowski reported that adding whitespace characters to hostnames that are IP addresses can bypass same-origin policy. This flaw was caused by trailing whitespace being evaluated differently when parsing IP addresses rather than alphanumeric hostnames. This could lead to a cross-site scripting (XSS) attack.
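
The parsing mismatch described above, modelled as an added example that is not Firefox code and not part of the original advisory: one component tolerates trailing whitespace on IP-address hosts while another compares raw strings, and a strict canonicaliser closes the gap. The function names, the lenient parser (an assumed stand-in) and the sample hosts used with it are constructed for illustration.

```javascript
// Added illustration of the bug class; not Firefox code.
// Function names and sample hosts are constructed for this example.

// Assumed stand-in for a component that tolerates trailing whitespace
// when the host looks like a dotted-quad IPv4 address.
function lenientIPv4(host) {
  const parts = host.trim().split(".");
  if (parts.length !== 4 || !parts.every((p) => /^\d{1,3}$/.test(p))) return null;
  const octets = parts.map(Number);
  return octets.every((o) => o <= 255) ? octets.join(".") : null;
}

// True when a raw string comparison treats the hosts as different
// while the lenient parser maps both to the same address.
function parsersDisagree(a, b) {
  const ipA = lenientIPv4(a);
  return a !== b && ipA !== null && ipA === lenientIPv4(b);
}

// Strict canonical form: whitespace or control characters anywhere are an
// error (never trimmed), and IPv4 octets must be plain decimal 0-255.
function canonicalHost(host) {
  if (host.length === 0 || /[\s\u0000-\u001f\u007f]/.test(host)) {
    throw new Error("invalid character in host");
  }
  const parts = host.split(".");
  if (parts.length === 4 && parts.every((p) => /^\d+$/.test(p))) {
    const ok = parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
    if (!ok) throw new Error("invalid IPv4 literal");
    return parts.join(".");
  }
  return host.toLowerCase();
}

// Fail closed: a host that cannot be canonicalised matches nothing.
function safeSameHost(a, b) {
  try {
    return canonicalHost(a) === canonicalHost(b);
  } catch (e) {
    return false;
  }
}
```

For the constructed pair "192.0.2.10" and "192.0.2.10 ", parsersDisagree reports the mismatch and safeSameHost refuses the match; the same trailing space on an alphanumeric host such as "example.test " produces no mismatch in this model.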

Affected Products

Firefox, Firefox ESR

References

CVE-2015-7188