CVE-2016-9073

Summary

WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 50affected

Weaknesses

  • windows.create schema doesn't specify "format": "relativeUrl"

ADP Enrichment

CVE Program Container

Additional References

References