Improper Handling of Escaped Characters in Location Headers in Mozilla Firefox

Improper Handling of Escaped Characters in Location Headers in Mozilla Firefox

CVE-2015-7195 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect.

Learn more about our Cis Benchmark Audit For Mozilla Firefox.