WebExtensions can use request redirection and a filterReponseData filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ubuntu_linux | Canonical | 14.04 (including) | 14.04 (including) |
Ubuntu_linux | Canonical | 16.04 (including) | 16.04 (including) |
Ubuntu_linux | Canonical | 17.10 (including) | 17.10 (including) |
Ubuntu_linux | Canonical | 18.04 (including) | 18.04 (including) |
Firefox | Ubuntu | artful | * |
Firefox | Ubuntu | bionic | * |
Firefox | Ubuntu | devel | * |
Firefox | Ubuntu | trusty | * |
Firefox | Ubuntu | upstream | * |
Firefox | Ubuntu | xenial | * |