By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 63.0 (excluding) |
Firefox_esr | Mozilla | * | 60.3 (excluding) |