When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 84.0 (excluding) |
Firefox_esr | Mozilla | * | 78.6.0 (excluding) |
Thunderbird | Mozilla | * | 78.6.0 (excluding) |