Red Hat Bugzilla – Bug 1291589
CVE-2015-7211 Mozilla: Hash in data: URI is incorrectly parsed (MFSA 2015-141)
Last modified: 2015-12-16 04:04:07 EST
Security researcher Abdulrahman Alqabandi reported that when a data: URI is parsed, the hash ('#') symbol is incorrectly handled, allowing for spoofing attacks. This issue could result in the wrong URI being displayed as the location, which can mislead users into believing they are on a different site than the one loaded.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abdulrahman Alqabandi as the original reporter.
This issue does not affect the versions of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.