The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a script: false panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 41.0.2 (including) |
| Firefox | Ubuntu | devel | * |
| Firefox | Ubuntu | precise | * |
| Firefox | Ubuntu | trusty | * |
| Firefox | Ubuntu | upstream | * |
| Firefox | Ubuntu | vivid | * |
| Firefox | Ubuntu | wily | * |