CVE-2017-5386
Summary
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- LOW
- LOW
References
Advisory Timeline
- Published