Red Hat Bugzilla – Bug 1277343
CVE-2015-7188 Mozilla: Trailing whitespace in IP address hostnames can bypass same-origin policy (MFSA 2015-122)
Last modified: 2016-01-22 09:58:45 EST
Security researcher MichaÅ‚ Bentkowski reported that adding white-space characters to hostnames that are IP addresses can bypass same-origin policy. This flaw was caused by trailing whitespaces being evaluated differently when parsing IP addresses instead of alphanumeric hostnames. This could lead to a cross-site script (XSS) attack.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Michał Bentkowski as the original reporter.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Via RHSA-2015:1982 https://rhn.redhat.com/errata/RHSA-2015-1982.html