Endpoint Vulnerability

Hash in data URI is incorrectly parsed

Description

Security researcher Abdulrahman Alqabandi reported that when a data: URI is parsed, the hash ('#') symbol is incorrectly handled, allowing for spoofing attacks. This issue could result in the wrong URI being displayed as a location, which can mislead users to believe they are on a different site than the one loaded.

Affected Products

Firefox

References

CVE-2015-7211,