The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Debian_linux | Debian | 8.0 (including) | 8.0 (including) |
| Red Hat Enterprise Linux 5 | RedHat | firefox-0:45.7.0-2.el5_11 | * |
| Red Hat Enterprise Linux 5 | RedHat | thunderbird-0:45.7.0-1.el5_11 | * |
| Red Hat Enterprise Linux 6 | RedHat | firefox-0:45.7.0-2.el6_8 | * |
| Red Hat Enterprise Linux 6 | RedHat | thunderbird-0:45.7.0-1.el6_8 | * |
| Red Hat Enterprise Linux 7 | RedHat | firefox-0:45.7.0-2.el7_3 | * |
| Red Hat Enterprise Linux 7 | RedHat | thunderbird-0:45.7.0-1.el7_3 | * |
| Firefox | Ubuntu | precise | * |
| Firefox | Ubuntu | trusty | * |
| Firefox | Ubuntu | upstream | * |
| Firefox | Ubuntu | xenial | * |
| Firefox | Ubuntu | yakkety | * |
| Firefox | Ubuntu | zesty | * |
| Thunderbird | Ubuntu | devel | * |
| Thunderbird | Ubuntu | precise | * |
| Thunderbird | Ubuntu | trusty | * |
| Thunderbird | Ubuntu | xenial | * |
| Thunderbird | Ubuntu | yakkety | * |
| Thunderbird | Ubuntu | zesty | * |