Security researcher Michał Bentkowski reported that adding white-space characters to hostnames that are IP addresses can bypass same-origin policy. This flaw was caused by trailing whitespaces being evaluated differently when parsing IP addresses instead of alphanumeric hostnames. This could lead to a cross-site script (XSS) attack.

External Reference:

https://www.mozilla.org/security/announce/2015/mfsa2015-122.html

Acknowledgements:

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Michał Bentkowski as the original reporter.

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2015:1982 https://rhn.redhat.com/errata/RHSA-2015-1982.html