CVE-2016-2817 (retired)

Priority
Description
The WebExtension sandbox feature in
browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0
does not properly restrict principal inheritance during chrome.tabs.create
and chrome.tabs.update API calls, which allows remote attackers to conduct
Universal XSS (UXSS) attacks via a crafted extension that accesses a (1)
javascript: or (2) data: URL.
Assigned-to
chrisccoulson
Package
Upstream:released (46.0)
Ubuntu 16.04 LTS (Xenial Xerus):released (46.0+build5-0ubuntu0.16.04.2)
Package
Priority: Low
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
More Information

Updated: 2019-09-19 15:57:40 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)