CVE-2016-2817
CVSS v3.0
5.4 (Medium)
CVSS v2.0
4.3 (Medium)
EPSS
0.68 % (80th)
Affected Products
1
Advisories
3
The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL.
Weaknesses
- CWE-264
- Permissions, Privileges, and Access Controls
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2016-04-30 17:59:14
(8 years ago) - Updated Date
-
2017-07-01 01:29:40
(7 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...