The Add-on SDK in Mozilla Firefox prior to 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote malicious users to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |