Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extensions Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 97.0 (excluding) |
Firefox_esr | Mozilla | * | 91.6 (excluding) |
Thunderbird | Mozilla | * | 91.6 (excluding) |