CVE-2016-9071

Summary

Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 50affected

Weaknesses

  • Probe browser history via HSTS/301 redirect + CSP

ADP Enrichment

CVE Program Container

Additional References

References