They have fixed it, no? https://bugzilla.mozilla.org/show_bug.cgi?id=1199430

Yes, in Firefox 42.

> However, I think that this bug is interesting from a purely technical standpoint, hence I decided to share.

It was fascinating, and a good reason not to copy and paste code when you can prevent it.

Title seems misleading. The same-origin bypass is via Flash. The Firefox portion is having a funky URL/hostname, which Flash then uses (edit: mis-parses).

Very interesting exploit. I wonder what else is affected by IP addresses parsing issues.