Sites can bypass security checks on permissions to install lightweight themes in Firefox before 60.0 and Thunderbird before 52.8, by manipulating the baseURI property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images.
Sites can bypass security checks on permissions to install lightweight themes in Firefox before 60.0 and Thunderbird before 52.8, by manipulating the baseURI property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images.
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5168 https://bugzilla.mozilla.org/show_bug.cgi?id=1449548