Sites can bypass security checks on permissions to install lightweight themes by manipulating the baseURI property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Debian_linux | Debian | 7.0 (including) | 7.0 (including) |
Debian_linux | Debian | 8.0 (including) | 8.0 (including) |
Debian_linux | Debian | 9.0 (including) | 9.0 (including) |