Endpoint Vulnerability

Certain escaped characters in host of Location-header are being treated as non-escaped

Description

Security researcher Frans Rosén reported that URLs with certain escaped characters in hostnames are parsed incorrectly. This leads to parsing being abandoned when an affected escaped character is encountered, followed by a navigation to the previously parsed version of the URL. When combined with a site that allows navigation redirection with escaped characters, this could lead to potential extraction of site-specific tokens.
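
A server-side check for sites that issue redirects, added here as an example and not taken from the advisory or from Mozilla: it refuses any Location target whose authority contains a percent-escape, so the destination does not depend on how a client handles escaped host characters. The allowlist, the function name and the sample URLs are constructed for illustration, and the check assumes absolute http(s) targets only.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist for this example; a real site would load its own.
ALLOWED_HOSTS = {"app.example.com", "login.example.com"}


def check_redirect_target(target, allowed_hosts=ALLOWED_HOSTS):
    """Return (ok, reason) for a URL about to be placed in a Location header."""
    # Control characters and whitespace have no place in a redirect target.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False, "control or whitespace character"
    if "\\" in target:
        return False, "backslash"
    try:
        parts = urlsplit(target)
        parts.port  # accessing it raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme not http(s)"
    # Inspect the authority exactly as it will be sent, without decoding it.
    authority = parts.netloc
    if "%" in authority:
        return False, "percent-escape in host"
    if "@" in authority:
        return False, "userinfo in authority"
    # Compare the lowercased host, minus any trailing root dot, to the allowlist.
    host = (parts.hostname or "").rstrip(".")
    if host not in allowed_hosts:
        return False, "host not on allowlist"
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs; the advisory does not list the affected characters.
    samples = [
        "https://app.example.com/next?u=%2Fhome",    # escapes in query are fine
        "https://app.example.com%2f.other.test/cb",  # escape inside the host
        "https://app.example.com@other.test/",       # userinfo hides real host
        "ftp://app.example.com/",                    # wrong scheme
        "https://unknown.example.net/",              # not on allowlist
    ]
    for url in samples:
        ok, reason = check_redirect_target(url)
        print(f"{'ALLOW' if ok else 'DENY ':5}  {reason:26}  {url}")
```

Percent-escapes in the path and query are left alone; only the authority is held to the stricter rule, since that is the part that decides where the navigation lands.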

Affected Products

Firefox

References

CVE-2015-7195