CVE-2017-7816

Summary

WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 56affected

Weaknesses

  • WebExtensions can load about: URLs in extension UI

ADP Enrichment

CVE Program Container

Additional References

References