The host is missing a critical security update according to Mozilla advisory, MFSA2016-91. The update is required to fix a same-origin bypass vulnerability. A flaw is present in the application, which fails to handle the redirection from an HTTP connection to a data: URL which assigns the referring site's origin to the data: URL in some circumstances. Successful exploitation can result in same-ori ...