CVE-2016-2817

Priority
Description
The WebExtension sandbox feature in
browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0
does not properly restrict principal inheritance during chrome.tabs.create
and chrome.tabs.update API calls, which allows remote attackers to conduct
Universal XSS (UXSS) attacks via a crafted extension that accesses a (1)
javascript: or (2) data: URL.
Assigned-to
chrisccoulson
Package
Upstream:released (46.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (46.0+build5-0ubuntu0.14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus):released (46.0+build5-0ubuntu0.16.04.2)
Package
Priority: Low
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
More Information

Updated: 2019-03-19 12:25:49 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)